PT-2025-4765 · Unknown · Fedora Repository
Matthew Galligan
·
Published
2025-01-23
·
Updated
2025-01-24
·
CVE-2025-23012
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Fedora Repository versions 3.8.x
Description
The issue concerns a service account named
fedoraIntCallUser with default credentials and privileges that allow reading local files by manipulating datastreams. It is recommended to migrate to a currently supported version. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.Recommendations
For Fedora Repository versions 3.8.x, migrate to a currently supported version, such as 6.5.1, to resolve the issue. As a temporary workaround, consider restricting the privileges of the
fedoraIntCallUser service account to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fedora Repository