PT-2025-16539 · Hydra · Hydra
Knedlsepp · Published 2025-04-15 · Updated 2025-04-16 · CVE-2025-32435
CVSS v3.1: 2.6 (Low)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Hydra (affected versions not specified)
Description
The issue concerns the evaluation of untrusted non-flake Nix code in Hydra, a Continuous Integration service for Nix-based projects. This could potentially allow access to secrets accessible by the Hydra user or group. However, it is noted that signing keys, owned by the hydra-queue-runner and hydra-www users, should not be affected.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Eval Injection
Affected Products
Hydra