CVE-2025-52993 Information

Description

A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.

Reference

https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017
https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
https://labs.snyk.io
https://lix.systems/blog/2025-06-24-lix-cves/
https://security.snyk.io/vuln/?search=CVE-2025-52993
https://security-tracker.debian.org/tracker/CVE-2025-52993

CNNVD-202506-3533 (Published: 2025-06-27)
