CVE-2022-25328

CVSS v3 Score: 7.3 (High)
CVSS v2 Score: 7.2 (High)

Vulnerability Description

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above.

CVSS: 7.3 (High)

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was ...

CWE-78 | 2019
CVSS: 7.3 (High)

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

CWE-78 | 2020
CVSS: 7.3 (High)

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

CWE-78 | 2020
CVSS: 7.3 (High)

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec...

CWE-78 | 2021
CVSS: 7.3 (High)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated wit...

CWE-78 | 2021
CVSS: 7.3 (High)

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara before 2...

CWE-78 | 2021