CVE-2025-7519

EUVD-2025-21350
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
redhatopenshift_container_platform
4.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policykit-1
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
127-3
fixed
sid
127-3
fixed
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policykit-1
bionic
needs-triage
focal
needs-triage
jammy
Fixed 0.105-33ubuntu0.1
released
noble
Fixed 124-2ubuntu1.24.04.3
released
plucky
ignored
questing
Fixed 126-2ubuntu0.1
released
resolute
not-affected
trusty
needs-triage
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpolkit-agent-1-0-121
suse enterprise desktop 15 SP6
150500.3.6.1
fixed
suse enterprise desktop 15 SP7
150500.3.6.1
fixed
suse enterprise sap 15 SP6
150500.3.6.1
fixed
suse enterprise sap 15 SP7
150500.3.6.1
fixed
suse enterprise server 15 SP5
150500.3.6.1
fixed
suse enterprise server 15 SP6
150500.3.6.1
fixed
suse enterprise server 15 SP7
150500.3.6.1
fixed
libpolkit-gobject-1-0-121
suse enterprise desktop 15 SP6
150500.3.6.1
fixed
suse enterprise desktop 15 SP7
150500.3.6.1
fixed
suse enterprise sap 15 SP6
150500.3.6.1
fixed
suse enterprise sap 15 SP7
150500.3.6.1
fixed
suse enterprise server 15 SP5
150500.3.6.1
fixed
suse enterprise server 15 SP6
150500.3.6.1
fixed
suse enterprise server 15 SP7
150500.3.6.1
fixed
libpolkit0
suse enterprise sap 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise sap 15 SP4
0.116-150200.3.15.1
fixed
suse enterprise server 12 SP3
0.113-5.30.1
fixed
suse enterprise server 12 SP5
0.113-5.30.1
fixed
suse enterprise server 15 SP2
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP4
0.116-150200.3.15.1
fixed
pkexec-121
suse enterprise desktop 15 SP6
150500.3.6.1
fixed
suse enterprise desktop 15 SP7
150500.3.6.1
fixed
suse enterprise sap 15 SP6
150500.3.6.1
fixed
suse enterprise sap 15 SP7
150500.3.6.1
fixed
suse enterprise server 15 SP5
150500.3.6.1
fixed
suse enterprise server 15 SP6
150500.3.6.1
fixed
suse enterprise server 15 SP7
150500.3.6.1
fixed
polkit
suse enterprise sap 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise sap 15 SP4
0.116-150200.3.15.1
fixed
suse enterprise server 12 SP3
0.113-5.30.1
fixed
suse enterprise server 12 SP5
0.113-5.30.1
fixed
suse enterprise server 15 SP2
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP4
0.116-150200.3.15.1
fixed
polkit-121
suse enterprise desktop 15 SP6
150500.3.6.1
fixed
suse enterprise desktop 15 SP7
150500.3.6.1
fixed
suse enterprise sap 15 SP6
150500.3.6.1
fixed
suse enterprise sap 15 SP7
150500.3.6.1
fixed
suse enterprise server 15 SP5
150500.3.6.1
fixed
suse enterprise server 15 SP6
150500.3.6.1
fixed
suse enterprise server 15 SP7
150500.3.6.1
fixed
polkit-devel
suse enterprise sap 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise sap 15 SP4
0.116-150200.3.15.1
fixed
suse enterprise server 12 SP5
0.113-5.30.1
fixed
suse enterprise server 15 SP2
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP4
0.116-150200.3.15.1
fixed
polkit-devel-121
suse enterprise desktop 15 SP6
150500.3.6.1
fixed
suse enterprise desktop 15 SP7
150500.3.6.1
fixed
suse enterprise sap 15 SP6
150500.3.6.1
fixed
suse enterprise sap 15 SP7
150500.3.6.1
fixed
suse enterprise server 15 SP5
150500.3.6.1
fixed
suse enterprise server 15 SP6
150500.3.6.1
fixed
suse enterprise server 15 SP7
150500.3.6.1
fixed
typelib-1_0-Polkit-1_0
suse enterprise sap 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise sap 15 SP4
0.116-150200.3.15.1
fixed
suse enterprise server 12 SP3
0.113-5.30.1
fixed
suse enterprise server 12 SP5
0.113-5.30.1
fixed
suse enterprise server 15 SP2
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP3
0.116-150200.3.15.1
fixed
suse enterprise server 15 SP4
0.116-150200.3.15.1
fixed
typelib-1_0-Polkit-1_0-121
suse enterprise desktop 15 SP6
150500.3.6.1
fixed
suse enterprise desktop 15 SP7
150500.3.6.1
fixed
suse enterprise sap 15 SP6
150500.3.6.1
fixed
suse enterprise sap 15 SP7
150500.3.6.1
fixed
suse enterprise server 15 SP5
150500.3.6.1
fixed
suse enterprise server 15 SP6
150500.3.6.1
fixed
suse enterprise server 15 SP7
150500.3.6.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-7519
https://bugzilla.redhat.com/show_bug.cgi?id=2379675
https://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245
https://github.com/polkit-org/polkit/pull/570