Search criteria
3 vulnerabilities found for SimGear by FlightGear
FKIE_CVE-2025-0781
Vulnerability from fkie_nvd - Published: 2025-01-28 17:15 - Updated: 2025-08-06 19:25
Severity ?
8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flightgear | simgear | * | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flightgear:simgear:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A533033C-22CB-4ECE-AA41-C548E6B33B6E",
"versionEndIncluding": "2020.3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level."
},
{
"lang": "es",
"value": "Un atacante puede eludir la sandbox de Nasal scripts y escribir arbitrariamente en cualquier ruta de archivo que el usuario tenga permiso para modificar en el nivel operativo sistema."
}
],
"id": "CVE-2025-0781",
"lastModified": "2025-08-06T19:25:13.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "cve@gitlab.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-28T17:15:25.947",
"references": [
{
"source": "cve@gitlab.com",
"tags": [
"Patch"
],
"url": "https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358"
},
{
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
],
"url": "https://gitlab.com/flightgear/flightgear/-/issues/3025"
},
{
"source": "cve@gitlab.com",
"tags": [
"Patch"
],
"url": "https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html"
}
],
"sourceIdentifier": "cve@gitlab.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "cve@gitlab.com",
"type": "Secondary"
}
]
}
CVE-2025-0781 (GCVE-0-2025-0781)
Vulnerability from cvelistv5 – Published: 2025-01-28 16:34 – Updated: 2025-02-12 20:01
VLAI?
Title
Incorrect Authorization in SimGear
Summary
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
Severity ?
8.6 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FlightGear | SimGear |
Affected:
0 , ≤ 2020.3.19
(semver)
|
Credits
Florent Rougon
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-29T22:02:34.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T17:02:59.957883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:11.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SimGear",
"vendor": "FlightGear",
"versions": [
{
"lessThanOrEqual": "2020.3.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florent Rougon"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:34:21.881Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8"
},
{
"url": "https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358"
},
{
"name": "GitLab Issue #3025",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/flightgear/flightgear/-/issues/3025"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FlightGear version 2020.3.20 or 2024.1.1."
}
],
"title": "Incorrect Authorization in SimGear"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-0781",
"datePublished": "2025-01-28T16:34:21.881Z",
"dateReserved": "2025-01-28T13:04:32.712Z",
"dateUpdated": "2025-02-12T20:01:11.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0781 (GCVE-0-2025-0781)
Vulnerability from nvd – Published: 2025-01-28 16:34 – Updated: 2025-02-12 20:01
VLAI?
Title
Incorrect Authorization in SimGear
Summary
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
Severity ?
8.6 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FlightGear | SimGear |
Affected:
0 , ≤ 2020.3.19
(semver)
|
Credits
Florent Rougon
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-29T22:02:34.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T17:02:59.957883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:11.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SimGear",
"vendor": "FlightGear",
"versions": [
{
"lessThanOrEqual": "2020.3.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florent Rougon"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:34:21.881Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8"
},
{
"url": "https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358"
},
{
"name": "GitLab Issue #3025",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/flightgear/flightgear/-/issues/3025"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FlightGear version 2020.3.20 or 2024.1.1."
}
],
"title": "Incorrect Authorization in SimGear"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-0781",
"datePublished": "2025-01-28T16:34:21.881Z",
"dateReserved": "2025-01-28T13:04:32.712Z",
"dateUpdated": "2025-02-12T20:01:11.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}