CVE-2025-5791

Summary

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

Affected Software

VendorProductVersion RangeStatus
0.8.0 < 0.11.1affected
Red HatRed Hat OpenShift sandboxed containers 1.1sha256:a6f29da891174e57fcfd131da7aa90c50459ba24164111b83120a1b91f2eabba < *unaffected

Weaknesses

  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References