CVE Vulnerabilities

CVE-2025-5791

Incorrect Privilege Assignment

Published: Jun 06, 2025 | Modified: Jun 09, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.1 IMPORTANT
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Ubuntu
MEDIUM
root.io minimus.io echohq.com

A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References