PT-2026-1852 · Unknown · Inputplumber
Matthias Gerstner
·
Published
2025-11-21
·
Updated
2026-01-14
·
CVE-2025-66005
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
InputPlumber versions prior to 0.63.0
Description
A missing authorization check in the InputManager D-Bus interface of InputPlumber can result in local Denial-of-Service, information disclosure, or potential privilege escalation within the context of the active user session.
Recommendations
Update InputPlumber to version 0.63.0 or later.
Fix
DoS
Incorrect Authorization
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Inputplumber