CNNVD-202509-2268 Information

CNNVD ID

CNNVD-202509-2268

Related CVE

CVE-2025-59378

• CNNVD Published: 2025-09-15

Description (Chinese)

GNU Guix是美国GNU社区的一款开源的、跨平台程序包管理器。 GNU Guix 1618ca7之前版本存在安全漏洞，该漏洞源于content-addressed-mirrors文件可被写入以创建setuid程序，可能导致权限提升。

Description (English)

GNU Guix is an open-source, cross-platform package manager for the GNU community in the United States. There is a security loophole in the pre-GNU Guix 1618ca7 version, which stems from the fact that the document can be written to create a setuid program, which may lead to an increase in privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Go JOSE

Published

2025-09-15

Last Modified

2026-02-24

References

https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerability-2025-2/ https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45 https://access.redhat.com/security/cve/cve-2025-59378

Patch

https://guix.gnu.org/zh-CN/download/