CVE-2021-25322
PUBLISHED
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
EPSS 0.03% · 10.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | hyperkitty | 0, 1.1.4-4, 1.1.4-3 |
| Ubuntu:24.04:LTS | hyperkitty | 0, 1.3.7-1ubuntu2 |
| Ubuntu:25.10 | hyperkitty | 0, 1.3.12-3ubuntu1, 1.3.12-3 |
| Ubuntu:20.04:LTS | hyperkitty | 1.3.2-1, 1.3.0-1.1ubuntu1, 0 |
| Ubuntu:22.04:LTS | hyperkitty | 1.3.4-4, 0, 1.3.5-1+really1.3.4-1 |
Timeline
- Jun 10, 2021 CVE Published
- Jun 11, 2021 EPSS Score
- Aug 12, 2021 EPSS Score
- Oct 12, 2021 EPSS Score
- Dec 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 12, 2022 EPSS Score
- Jun 12, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 12, 2022 EPSS Score
- Dec 12, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-25322 third-party-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1182373 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-25322 third-party-advisory