Vulnerability Description
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://bugs.debian.org/1108288
- https://deb.debian.org/debian/pool/main/z/zulucrypt/zulucrypt_6.2.0-1.dsc
- https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f384c4d889d3387944e14ac7
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108288
FAQ
What is CVE-2025-53391?
CVE-2025-53391 is a vulnerability with a CVSS score of 9.3 (CRITICAL). The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate ...
How severe is CVE-2025-53391?
CVE-2025-53391 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-53391?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.