CVE-2025-54566 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.2 MEDIUM	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
mitre	CNA	4.2 MEDIUM				CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

qemu

bullseye	1:5.2+dfsg-11+deb11u3 not-affected
bookworm	1:7.2+dfsg-7+deb12u16 not-affected
bullseye (security)	1:5.2+dfsg-11+deb11u5 fixed
bookworm (security)	1:7.2+dfsg-7+deb12u15 fixed
trixie	1:10.0.3+ds-0+deb13u1 fixed
trixie (security)	1:10.0.2+ds-2+deb13u1 fixed
forky	1:10.1.2+ds-1 fixed
sid	1:10.1.2+ds-1 fixed

Common Weakness Enumeration

CWE-642 - External Control of Critical State Data
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.

References

https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/