Privilege Dropping / Lowering Errors in nix - CVE-2025-53819

 

Published: April 8, 2026


Vulnerability identifier: #VU125374
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-53819
CWE-ID: CWE-271
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nixos.org
Affected software:
nix

Detailed vulnerability description

The vulnerability allows a local user to execute builds with elevated privileges.

The vulnerability exists due to privilege dropping / lowering errors in the mechanism that drops privileges to the build user when executing builds on macOS. A local user can trigger a build that runs as root, and so execute builds with elevated privileges.

On affected macOS systems, builds were executed as root instead of the intended build users.


How to mitigate CVE-2025-53819

Install the security update from the vendor's website.
