Main Vulnerability Database Vulnerabilities #VU121635

#VU121635 Incorrect authorization in FlightGear - CVE-2025-0781

Published: January 16, 2026

Vulnerability identifier: #VU121635

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-0781

CWE-ID: CWE-863

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FlightGear

Software vendor:
FlightGear

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect permission checks. A remote attacker can trick the victim into loading a specially crafted Nasal script that bypassed sandboxing rules and allows an attacker to write to any file path that the user has permission to modify at the operating-system level

Remediation

Install updates from vendor's website.

External links

https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
https://gitlab.com/flightgear/flightgear/-/issues/3025
https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8

#VU121635 Incorrect authorization in FlightGear - CVE-2025-0781

Description

Remediation

External links

Please verify you're human