How severe is CVE-2025-27612?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2025-27612?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2025-27612

MEDIUM Year: 2025

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-276

View all →

Vulnerability Description

libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.

CVE-2017-5622

MEDIUM

CVSS:5.9(Medium)

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open u...

CWE-2762017

CVE-2019-0683

MEDIUM

CVSS:5.9(Medium)

An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from ...

CWE-2762019

CVE-2024-20921

MEDIUM

CVSS:5.9(Medium)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: ...

CWE-2762024

CVE-2024-39347

MEDIUM

CVSS:5.9(Medium)

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensiti...

CWE-2762024

CVE-2024-46544

MEDIUM

CVSS:5.9(Medium)

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and...

CWE-2762024

CVE-2022-36439

MEDIUM

CVSS:6.0(Medium)

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via S...

CWE-2762022

CVE-2025-27612

Vulnerability Description

Related Vulnerabilities

CVE-2017-5622

CVE-2019-0683

CVE-2024-20921

CVE-2024-39347

CVE-2024-46544

CVE-2022-36439