CVE-2025-32438

HIGH Year: 2025
CVSS v3 Score
8.8
High
Weakness Type
CWE-378
View all →

Vulnerability Description

make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.

Related Vulnerabilities

CVE-2025-27148

HIGH
CVSS:8.8(High)

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that a...

CWE-3782025

CVE-2016-9485

HIGH
CVSS:7.8(High)

On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration i...

CWE-3782016

CVE-2021-1426

HIGH
CVSS:7.8(High)

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executabl...

CWE-3782021

CVE-2021-1427

HIGH
CVSS:7.8(High)

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executabl...

CWE-3782021

CVE-2021-1428

HIGH
CVSS:7.8(High)

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executabl...

CWE-3782021

CVE-2021-1429

HIGH
CVSS:7.8(High)

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executabl...

CWE-3782021