
Description

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution cannot be ruled out. Exploiting this flaw requires a high-privilege account, since one is needed to place the malicious policy file in the correct location.
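A defender's lint for this condition, added here as an example and not code from this record or from polkit: it measures the element nesting depth of a policy XML document and flags files at or beyond the 32-level threshold the description gives, so policy directories can be audited for files that would reach the faulty code path. The sample policies, the `x` element chain and the `.policy` directory scan are constructed for the demonstration.

```python
"""Nesting-depth lint for polkit .policy XML files (CVE-2025-7519).

Added example, not polkit's own code. The CVE description states that a
policy with 32 or more nested elements in depth triggers the out-of-bounds
write, so DEPTH_LIMIT is taken from that text; the inputs below are
constructed for the demonstration.
"""
import pathlib
import xml.etree.ElementTree as ET
from io import StringIO

DEPTH_LIMIT = 32  # from the CVE description: >= 32 nested elements is the trigger


def max_element_depth(xml_text: str) -> int:
    """Return the deepest element nesting level (root element = depth 1)."""
    depth = deepest = 0
    for event, elem in ET.iterparse(StringIO(xml_text), events=("start", "end")):
        if event == "start":
            depth += 1
            deepest = max(deepest, depth)
        else:
            depth -= 1
            elem.clear()  # do not keep the whole tree in memory
    return deepest


def policy_exceeds_limit(xml_text: str, limit: int = DEPTH_LIMIT) -> bool:
    """True if the document reaches the depth at which the bug is reachable."""
    return max_element_depth(xml_text) >= limit


def find_deep_policies(directory: str, limit: int = DEPTH_LIMIT) -> list:
    """Scan a directory tree (e.g. a polkit actions dir) for .policy files
    at or beyond the limit; returns (path, depth) pairs. Unparsable files
    are skipped rather than reported, since they never reach the XML handler."""
    hits = []
    for path in sorted(pathlib.Path(directory).rglob("*.policy")):
        try:
            d = max_element_depth(path.read_text(encoding="utf-8"))
        except ET.ParseError:
            continue
        if d >= limit:
            hits.append((str(path), d))
    return hits


# Constructed sample: a minimal, ordinary policy (nesting depth 4).
BENIGN_POLICY = """<policyconfig>
  <action id="org.example.test">
    <description>Test action</description>
    <defaults><allow_any>no</allow_any></defaults>
  </action>
</policyconfig>"""


def build_nested_policy(levels: int) -> str:
    """Constructed input: a chain of <x> elements `levels` deep under the root,
    giving a total element depth of levels + 1."""
    return "<policyconfig>" + "<x>" * levels + "</x>" * levels + "</policyconfig>"
```

Run `find_deep_policies("/usr/share/polkit-1/actions")` (path assumed, adjust to the distribution's actual actions directory) to list any installed policy that would reach the limit; an ordinary policy stays in single-digit depth.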

State: PUBLISHED | Reserved: 2025-07-11 | Published: 2025-07-14 | Updated: 2026-02-26 | Assigner: redhat

Severity: MEDIUM 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Problem types

Out-of-bounds Write

Product status

Default status: unaffected; any version: affected

Default status: affected

Default status: unknown

Default status: unknown

Default status: affected

Default status: affected

Default status: affected

Timeline

2025-07-11: Reported to Red Hat.
2025-07-11: Made public.

Credits

Red Hat would like to thank Mohamed Maatallah (Independent security researcher) for reporting this issue.

References

access.redhat.com/security/cve/CVE-2025-7519 (vdb-entry)

bugzilla.redhat.com/show_bug.cgi?id=2379675 (RHBZ#2379675, issue-tracking)

github.com/...ommit/107d3801361b9f9084f78710178e683391f1d245

github.com/polkit-org/polkit/pull/570

cve.org (CVE-2025-7519)

nvd.nist.gov (CVE-2025-7519)
