CVE-2025-54567 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.2 MEDIUM	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
mitre	CNA	4.2 MEDIUM				CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Debian Releases

Debian Product

Codename

qemu

bullseye	1:5.2+dfsg-11+deb11u3 not-affected
bookworm	1:7.2+dfsg-7+deb12u13 not-affected
bullseye (security)	1:5.2+dfsg-11+deb11u4 fixed
trixie	vulnerable
sid	vulnerable

Common Weakness Enumeration

CWE-684 - Incorrect Provision of Specified Functionality
The code does not function according to its published specifications, potentially leading to incorrect usage.

Vulnerability Media Exposure

[GERMAN] QEMU: Mehrere Schwachstellen ermöglichen Manipulation von Dateien
Ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in QEMU ausnutzen, um Dateien zu manipulieren.
Published: 2025-07-24T22:00:00+00:00

References

https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/