CVE Daily

CVE-2025-7519

A flaw was found in polkit. When processing an XML policy with 32 or more nested...

Medium CVSS 6.7

Overview

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

CWE: CWE-787 Published: 2025-07-14T14:15:25.593
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.7 (MEDIUM)
  • Detected tags: oob_write, rce (tag impact: VERY HIGH)

Recommended actions:

  • Patch/upgrade immediately (remote code execution).
  • Reduce exposure (WAF/segmentation), minimize attack surface.

Recommended tools

Tags