fkie_cve-2025-3931
Vulnerability from fkie_nvd
Published
2025-05-14 12:15
Modified
2025-07-25 22:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:7592
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-3931
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2362345
secalert@redhat.comhttps://github.com/RedHatInsights/yggdrasil/pull/336
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children\u0027s \"worker\" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. \n\nThis flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en Yggdrasil, que act\u00faa como intermediario del sistema, permitiendo que los procesos se comuniquen con los procesos \"worker\" de otros subordinados a trav\u00e9s del componente DBus. Yggdrasil crea un m\u00e9todo DBus para enviar mensajes a los trabajadores. Sin embargo, omite las comprobaciones de autenticaci\u00f3n y autorizaci\u00f3n, lo que permite que cualquier usuario del sistema lo invoque. Un trabajador de Yggdrasil disponible act\u00faa como gestor de paquetes, con la capacidad de crear y habilitar nuevos repositorios e instalar o eliminar paquetes. Esta falla permite a un atacante con acceso al sistema aprovechar la falta de autenticaci\u00f3n en el mensaje de env\u00edo para forzar al trabajador de Yggdrasil a instalar paquetes RPM arbitrarios. Este problema provoca una escalada de privilegios local, lo que permite al atacante acceder y modificar datos confidenciales del sistema."
    }
  ],
  "id": "CVE-2025-3931",
  "lastModified": "2025-07-25T22:15:25.153",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-14T12:15:19.493",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:7592"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-3931"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362345"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/RedHatInsights/yggdrasil/pull/336"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-280"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.