CVE-2026-25710

EUVD-2026-29919
The new upstream added a privileged D-Bus
helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25710
https://security.opensuse.org/2026/04/27/plasma-login-manager.html#6-upstream-bugfix
http://www.openwall.com/lists/oss-security/2026/04/27/1