Main Vulnerability Database Vulnerabilities #VU112437

#VU112437 Permissions, Privileges, and Access Controls in yggdrasil - CVE-2025-3931

Published: July 7, 2025

Vulnerability identifier: #VU112437

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-3931

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
yggdrasil

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application uses the DBus method to dispatch messages to workers however fails to perform authentication and authorization checks. A local user can create and enable new repositories and install or remove packages.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=2362345
https://github.com/advisories/GHSA-rpg2-jvhp-h354

#VU112437 Permissions, Privileges, and Access Controls in yggdrasil - CVE-2025-3931

Description

Remediation

External links

Please verify you're human