How severe is CVE-2025-1390?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2025-1390?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-1390 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.

Related Vulnerabilities

CVE-2014-8168

MEDIUM

CVSS:6.1(Medium)

Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.

CWE-2842014

CVE-2014-9717

MEDIUM

CVSS:6.1(Medium)

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restri...

CWE-2842014

CVE-2016-1492

MEDIUM

CVSS:6.1(Medium)

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveragin...

CWE-2842016

CVE-2016-5606

MEDIUM

CVSS:6.1(Medium)

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.

CWE-2842016

CVE-2016-5622

MEDIUM

CVSS:6.1(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers...

CWE-2842016

CVE-2016-7223

MEDIUM

CVSS:6.1(Medium)

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files,...

CWE-2842016