How severe is CVE-2025-23222?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2025-23222?

This is classified as CWE-940, which is a common weakness in software security.

CVE-2025-23222 - HIGH Severity | CVSS 8.4

Vulnerability Description

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges.

Related Vulnerabilities

CVE-2022-4800

HIGH

CVSS:8.6(High)

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CWE-9402022

CVE-2022-4848

HIGH

CVSS:8.6(High)

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CWE-9402022

CVE-2023-3663

HIGH

CVSS:8.8(High)

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received ...

CWE-9402023

CVE-2023-48387

HIGH

CVSS:8.8(High)

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool a...

CWE-9402023

CVE-2024-40516

HIGH

CVSS:8.8(High)

An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality.

CWE-9402024

CVE-2023-51440

HIGH

CVSS:7.5(High)

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All ve...

CWE-9402023