PT-2025-16395 · Nixos · Nixos
Sudobash418 · Published 2025-04-15 · Updated 2025-04-16
CVE-2025-32438
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NixOS versions prior to 24.11 and 25.05
Description
The issue is a local privilege escalation affecting all NixOS users: a local user can create a program that root executes during shutdown when systemd.shutdownRamfs.enable is enabled, which is the default setting.
Recommendations
For versions prior to 24.11 and 25.05, apply the existing patches.
As a temporary workaround for all affected versions, set systemd.shutdownRamfs.enable to false.
Exploit
Fix
LPE
Related Identifiers
Affected Products
Nixos