CVE-2025-66005

Summary

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.

Affected Software

VendorProductVersion RangeStatus
https://github.com/ShadowBlipinputplumber? < 0.63.0affected

Weaknesses

  • CWE-863: CWE-863: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References