VDB
CVE-2025-0781
CVE-2025-0781
PUBLISHED
CVSS 8.600000381469727 HIGH
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
EPSS 0.04% · 13.0th percentile
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.04%
13.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| flightgear | simgear | 0 |
| debian | debian_linux | 11.0 |
| FlightGear | SimGear | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-0781 (circl-sighting)
- CIRCL seen: CVE-2025-0781 (circl-sighting)
- CIRCL seen: CVE-2025-0781 (circl-sighting)
- CIRCL seen: CVE-2025-0781 (circl-sighting)
- CIRCL seen: CVE-2025-0781 (circl-sighting)
- https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html (circl)
- https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html (circl)
- https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8 (circl)
- https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358 (circl)
- GitLab Issue #3025 (circl)
Timeline
- Jan 21, 1970 Security Advisory
- Jan 28, 2025 CVE ID Reserved
- Jan 28, 2025 CVE Published
- Jan 28, 2025 PoC Published
- Jan 28, 2025 PoC Published
- Jan 28, 2025 PoC Published
- Jan 29, 2025 EPSS Score
- Feb 12, 2025 CVE Updated
- Feb 13, 2025 EPSS Score
- Feb 28, 2025 EPSS Score
- Mar 9, 2025 Coalition ESS Score
- Mar 15, 2025 EPSS Score
References
- https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8 url
- https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358 url
- GitLab Issue #3025 issue
- https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html url
- https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html url
- https://nvd.nist.gov/vuln/detail/CVE-2025-0781 advisory