PT-2025-29465 · Polkit+5

Mohamed Maatallah · Published 2025-07-14 · Updated 2026-04-14 · CVE-2025-7519

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: polkit (affected versions not specified)
Description: A flaw exists in polkit where processing an XML policy file whose elements are nested 32 or more levels deep can trigger an out-of-bounds write. This can lead to a crash or unexpected behavior, with the possibility of arbitrary code execution. Exploitation requires a high-privilege account to place a malicious policy file.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

AZL-65379
AZL-65415
BDU:2025-12602
CVE-2025-7519
OESA-2025-1914
OESA-2025-1915
OESA-2025-1916
OESA-2025-1917
OESA-2025-1918
OESA-2025-1919
OPENSUSE-SU-2026:10453-1
SUSE-SU-2025:02525-1
SUSE-SU-2025:02527-1
SUSE-SU-2025:02528-1
SUSE-SU-2025:20559-1
SUSE-SU-2025:20662-1
SUSE-SU-2025_02525-1
SUSE-SU-2025_02527-1
SUSE-SU-2025_02528-1
USN-8173-1

Affected Products

Debian
Linux Mint
RED OS
SUSE
Ubuntu
Polkit