CVE-2025-32435 — LOW (2.6) — White Hats Nepal

Q: How severe is CVE-2025-32435?

CVE-2025-32435 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-32435?

Check the references section above for vendor advisories and patch information. Affected products include: Nixos Hydra.

Vulnerability Description

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively.

CVSS Score

2.6

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Nixos	Hydra	< 2025-04-11

Related Weaknesses (CWE)

CWE-95

References

https://github.com/NixOS/hydra/commit/8d750265135b7e203520036a742afdf301b4013fPatch
https://github.com/NixOS/hydra/security/advisories/GHSA-j7w7-965w-vjxwVendor Advisory
https://github.com/NixOS/nixpkgs/pull/397919Issue Tracking
https://github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1Release Notes

FAQ

What is CVE-2025-32435?

CVE-2025-32435 is a vulnerability with a CVSS score of 2.6 (LOW). Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should n...

How severe is CVE-2025-32435?

CVE-2025-32435 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-32435?

Check the references section above for vendor advisories and patch information. Affected products include: Nixos Hydra.