CVE-2025-7519
Vulnerability
polkit: XML policy file with a large number of nested elements may lead to out-of-bounds write
ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10
A flaw was found in polkit. When processing an XML policy file whose elements are nested 32 or more levels deep, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution cannot be ruled out. Exploiting this flaw requires a high-privilege account, because such an account is needed to place the malicious policy file properly.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-7519
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2379675
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-7519
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-7519
type: vendor
source: secalert@redhat.com
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metric | Value
---|---
AV | Local
AC | Low
PR | High
UI | None
S | Not Changed
C | High
I | High
A | High
source: secalert@redhat.com
Out-of-bounds Write
source: secalert@redhat.com
published: 2025-07-11 00:00:00
modified: 2025-07-14 21:51:45
Detection
OR
polkit
package type: source
tag: rhel-10:df6dd1fd-588d-820a-9e18-ee0f8b5f13b0
OR
polkit
package type: source
tag: rhel-6-els:af565725-2796-cc66-6398-e9cd5803b9f3
OR
polkit
package type: source
tag: rhel-7-extras-including-unpatched:f6706f66-0096-cc66-67ec-14d794c2399c
OR
polkit
package type: source
tag: rhel-8-including-unpatched:afd3dd01-2d96-cc66-8dec-9a10c930401d
OR
polkit
package type: source
tag: rhel-9-including-unpatched:387de2d1-c696-cc66-925c-3d9896624c8e
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex