CVE-2025-0781 (GCVE-0-2025-0781)

Vulnerability from cvelistv5 – Published: 2025-01-28 16:34 – Updated: 2025-02-12 20:01
VLAI?
Title
Incorrect Authorization in SimGear
Summary
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
Severity ?
8.6 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
FlightGear SimGear Affected: 0 , ≤ 2020.3.19 (semver)
Create a notification for this product.
Credits
Florent Rougon
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-29T22:02:34.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T17:02:59.957883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:01:11.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SimGear",
          "vendor": "FlightGear",
          "versions": [
            {
              "lessThanOrEqual": "2020.3.19",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florent Rougon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T16:34:21.881Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8"
        },
        {
          "url": "https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358"
        },
        {
          "name": "GitLab Issue #3025",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/flightgear/flightgear/-/issues/3025"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FlightGear version 2020.3.20 or 2024.1.1."
        }
      ],
      "title": "Incorrect Authorization in SimGear"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-0781",
    "datePublished": "2025-01-28T16:34:21.881Z",
    "dateReserved": "2025-01-28T13:04:32.712Z",
    "dateUpdated": "2025-02-12T20:01:11.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0781\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2025-01-28T17:15:25.947\",\"lastModified\":\"2025-08-06T19:25:13.783\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.\"},{\"lang\":\"es\",\"value\":\"Un atacante puede eludir la sandbox de Nasal scripts y escribir arbitrariamente en cualquier ruta de archivo que el usuario tenga permiso para modificar en el nivel operativo sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flightgear:simgear:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2020.3.19\",\"matchCriteriaId\":\"A533033C-22CB-4ECE-AA41-C548E6B33B6E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://gitlab.com/flightgear/flightgear/-/issues/3025\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Incorrect Authorization in SimGear\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.\"}], \"affected\": [{\"vendor\": \"FlightGear\", \"product\": \"SimGear\", \"versions\": [{\"version\": \"0\", \"status\": \"affected\", \"lessThanOrEqual\": \"2020.3.19\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-863: Incorrect Authorization\", \"cweId\": \"CWE-863\", \"type\": \"CWE\"}]}], \"references\": [{\"url\": \"https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8\"}, {\"url\": \"https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358\"}, {\"url\": \"https://gitlab.com/flightgear/flightgear/-/issues/3025\", \"name\": \"GitLab Issue #3025\", \"tags\": [\"issue-tracking\", \"permissions-required\"]}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\"}}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to FlightGear version 2020.3.20 or 2024.1.1.\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Florent Rougon\", \"type\": \"finder\"}], \"providerMetadata\": {\"orgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"shortName\": \"GitLab\", \"dateUpdated\": \"2025-01-28T16:34:21.881Z\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0781\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T17:02:59.957883Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-02-12T19:53:09.512Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0781\", \"assignerOrgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitLab\", \"dateReserved\": \"2025-01-28T13:04:32.712Z\", \"datePublished\": \"2025-01-28T16:34:21.881Z\", \"dateUpdated\": \"2025-01-29T22:02:34.292Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.