PT-2026-1735 · Polkit · Polkit
Matthias Gerstner
·
Published
2026-01-09
·
Updated
2026-01-14
·
CVE-2025-14338
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Polkit versions prior to 0.69.0
Description
A race condition exists in the Polkit authorization check. This issue, present in versions before 0.69.0, can lead to similar problems as those described in CVE-2025-66005. Polkit authentication is disabled by default.
Recommendations
Update to version 0.69.0 or later.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Polkit