Permissions, Privileges, and Access Controls in yggdrasil - CVE-2025-3931

 


Published: July 7, 2025


Vulnerability identifier: #VU112437
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-3931
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software: yggdrasil

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the application uses a DBus method to dispatch messages to workers but fails to perform authentication and authorization checks on the caller. A local user can create and enable new repositories and install or remove packages.


How to mitigate CVE-2025-3931

Install updates from the vendor's website.
