CVE-2025-5791

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions user's crate for Rust (affected versions not specified)

Description A flaw was found in the user's crate for Rust, allowing privilege escalation via incorrect group listing. This occurs when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266

Related Identifiers

AZL-63771

AZL-63848

BDU:2025-10734

CVE-2025-5791

GHSA-JQ8X-V7JW-V675

GHSA-M65Q-V92H-CM7Q

OPENSUSE-SU-2025:15217-1

OPENSUSE-SU-2025:15246-1

OPENSUSE-SU-2025:15335-1

OPENSUSE-SU-2025:15412-1

OPENSUSE-SU-2025:15628-1

RUSTSEC-2025-0040

SUSE-RU-2025:20961-1

SUSE-RU-2025:21046-1

SUSE-SU-2025:02166-1

SUSE-SU-2025:3783-1

SUSE-SU-2025:3784-1

SUSE-SU-2025:3785-1

SUSE-SU-2025:3786-1

SUSE-SU-2025_02166-1

Affected Products

Suse

User'S Crate

CVE-2025-5791

Weakness Enumeration

Related Identifiers

Affected Products

References · 55