CVE-2025-5791
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0.8.0 < 0.11.1 | affected | ||
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 | sha256:a6f29da891174e57fcfd131da7aa90c50459ba24164111b83120a1b91f2eabba < * | unaffected |
Weaknesses
- CWE-266: Incorrect Privilege Assignment
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2025:12359
- https://access.redhat.com/security/cve/CVE-2025-5791
- https://bugzilla.redhat.com/show_bug.cgi?id=2370001
- https://crates.io/crates/users
- https://github.com/ogham/rust-users/issues/44
- https://rustsec.org/advisories/RUSTSEC-2025-0040.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.