{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5791", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-06T08:09:10.242Z", "datePublished": "2025-06-06T13:10:07.157Z", "dateUpdated": "2025-07-31T15:36:08.719Z"}, "containers": {"cna": {"title": "Users: `root` appended to group listings", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:a6f29da891174e57fcfd131da7aa90c50459ba24164111b83120a1b91f2eabba", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rust-ssh-key-dir", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rust-afterburn", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kata-containers", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rust-afterburn", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat Trusted Profile Analyzer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhtpa/rhtpa-trustification-service-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:trusted_profile_analyzer:1"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:12359", "name": "RHSA-2025:12359", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-5791", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370001", "name": "RHBZ#2370001", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://crates.io/crates/users"}, {"url": "https://github.com/ogham/rust-users/issues/44"}, {"url": "https://rustsec.org/advisories/RUSTSEC-2025-0040.html"}], "datePublic": "2025-01-15T12:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment", "timeline": [{"lang": "en", "time": "2025-06-03T13:02:24.781295+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-01-15T12:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-31T15:36:08.719Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-06T13:40:43.009202Z", "id": "CVE-2025-5791", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T13:40:47.773Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5791", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-06T13:40:43.009202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T13:40:44.958Z"}}], "cna": {"title": "Users: `root` appended to group listings", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift sandboxed containers 1.1", "versions": [{"status": "unaffected", "version": "sha256:a6f29da891174e57fcfd131da7aa90c50459ba24164111b83120a1b91f2eabba", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "rust-ssh-key-dir", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "rust-afterburn", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "kata-containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rust-afterburn", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:trusted_profile_analyzer:1"], "vendor": "Red Hat", "product": "Red Hat Trusted Profile Analyzer", "packageName": "rhtpa/rhtpa-trustification-service-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-06-03T13:02:24.781295+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-01-15T12:00:00+00:00", "value": "Made public."}], "datePublic": "2025-01-15T12:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:12359", "name": "RHSA-2025:12359", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-5791", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370001", "name": "RHBZ#2370001", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://crates.io/crates/users"}, {"url": "https://github.com/ogham/rust-users/issues/44"}, {"url": "https://rustsec.org/advisories/RUSTSEC-2025-0040.html"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-31T15:36:08.719Z"}, "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"}}, "cveMetadata": {"cveId": "CVE-2025-5791", "state": "PUBLISHED", "dateUpdated": "2025-07-31T15:36:08.719Z", "dateReserved": "2025-06-06T08:09:10.242Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-06T13:10:07.157Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el crate del usuario para Rust. Esta vulnerabilidad permite la escalada de privilegios mediante una lista de grupos incorrecta cuando un usuario o proceso tiene menos de exactamente 1024 grupos, lo que provoca la inclusi\u00f3n err\u00f3nea del grupo ra\u00edz en la lista de acceso."}], "id": "CVE-2025-5791", "lastModified": "2025-07-31T16:15:31.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-06-06T14:15:23.137", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12359"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-5791"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370001"}, {"source": "secalert@redhat.com", "url": "https://crates.io/crates/users"}, {"source": "secalert@redhat.com", "url": "https://github.com/ogham/rust-users/issues/44"}, {"source": "secalert@redhat.com", "url": "https://rustsec.org/advisories/RUSTSEC-2025-0040.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "users: `root` appended to group listings", "id": "2370001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370001"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-266", "details": ["A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.", "A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list."], "name": "CVE-2025-5791", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Will not fix", "package_name": "rust-ssh-key-dir", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "rust-afterburn", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "kata-containers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "rust-afterburn", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:1", "fix_state": "Affected", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}], "public_date": "2025-01-15T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-5791\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-5791\nhttps://crates.io/crates/users\nhttps://github.com/ogham/rust-users/issues/44\nhttps://rustsec.org/advisories/RUSTSEC-2025-0040.html"], "statement": "This vulnerability is rated as an important severity because a flaw in the users crate for Rust allows local privilege escalation. Specifically, when a user or process belongs to fewer than exactly 1024 groups, the crate\u2019s group listing logic incorrectly includes the root group in the access list. This erroneous behavior enables unauthorized processes or users to gain elevated privileges, compromising system confidentiality and integrity.", "threat_severity": "Important"}