CVE-2025-23394

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

Affected Software

VendorProductVersion RangeStatus
SUSEopenSUSE Tumbleweed? < 3.8.4-2.1affected

Weaknesses

  • CWE-61: CWE-61: UNIX Symbolic Link (Symlink) Following

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References