Polkit: xml policy file with a large number of nested...

Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write

July 14, 2025 invoker category_cve

CVE Details

Basic Information

Title	Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
Type	cve
Published	2025-07-14T13:35:21.280Z
Modified	2025-07-14T14:28:52.903Z

Product Information

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10

CVSS Information

Base Score	6.7 (MEDIUM)
Attack Vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Additional Information

CWE List	CWE-787
Source	redhat

Description

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it’s required to place the malicious policy file properly.

References

https://access.redhat.com/security/cve/CVE-2025-7519
https://bugzilla.redhat.com/show_bug.cgi?id=2379675

View Full CVE Details