Main Vulnerability Database Vulnerabilities #VU121635

Incorrect authorization in FlightGear - CVE-2025-0781

Published: January 16, 2026

Vulnerability identifier: #VU121635

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-0781

CWE-ID: CWE-863

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: FlightGear

Affected software:
FlightGear

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect permission checks. A remote attacker can trick the victim into loading a specially crafted Nasal script that bypassed sandboxing rules and allows an attacker to write to any file path that the user has permission to modify at the operating-system level

How to mitigate CVE-2025-0781

Install updates from vendor's website.

Sources

https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
https://gitlab.com/flightgear/flightgear/-/issues/3025
https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8

Incorrect authorization in FlightGear - CVE-2025-0781

Detailed vulnerability description

How to mitigate CVE-2025-0781

Sources

Please verify you're human