CVE-2025-67859 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
suse	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

tlp

bullseye	1.3.1-2 not-affected
trixie	1.8.0-1 not-affected
bookworm	1.5.0-2 not-affected
forky	1.9.1-1 fixed
sid	1.9.1-1 fixed

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Vulnerability Media Exposure

[ENGLISH] ⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. A single weak configuration rippled out to millions. A repeatable flaw worked again and
Published: 2026-01-12T19:11:00+05:30

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67859

https://security.opensuse.org/2026/01/07/tlp-polkit-authentication-bypass.html