CVE-2025-67859

EUVD-2026-2520
A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power
profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Debian logo
Debian Releases
Debian Product
Codename
tlp
bookworm
1.5.0-2
not-affected
bullseye
1.3.1-2
not-affected
forky
1.9.1-1
fixed
sid
1.9.1-1
fixed
trixie
1.8.0-1
not-affected
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67859
https://security.opensuse.org/2026/01/07/tlp-polkit-authentication-bypass.html