Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9njt-k8tx-tka3
Summary
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.
Aliases
0
alias CVE-2025-2759
Fixed_packages
0
url pkg:deb/debian/gstreamer1.0@0?distro=trixie
purl pkg:deb/debian/gstreamer1.0@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gstreamer1.0@0%3Fdistro=trixie
1
url pkg:deb/debian/gstreamer1.0@1.18.4-2.1?distro=trixie
purl pkg:deb/debian/gstreamer1.0@1.18.4-2.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gstreamer1.0@1.18.4-2.1%3Fdistro=trixie
2
url pkg:deb/debian/gstreamer1.0@1.22.0-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/gstreamer1.0@1.22.0-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gstreamer1.0@1.22.0-2%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/gstreamer1.0@1.26.2-2?distro=trixie
purl pkg:deb/debian/gstreamer1.0@1.26.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gstreamer1.0@1.26.2-2%3Fdistro=trixie
4
url pkg:deb/debian/gstreamer1.0@1.28.1-1?distro=trixie
purl pkg:deb/debian/gstreamer1.0@1.28.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gstreamer1.0@1.28.1-1%3Fdistro=trixie
5
url pkg:deb/debian/gstreamer1.0@1.28.2-1?distro=trixie
purl pkg:deb/debian/gstreamer1.0@1.28.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gstreamer1.0@1.28.2-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2759
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11445
published_at 2026-04-21T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11529
published_at 2026-04-02T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.1146
published_at 2026-04-13T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11322
published_at 2026-04-16T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.11321
published_at 2026-04-18T12:55:00Z
5
value 0.00038
scoring_system epss
scoring_elements 0.11581
published_at 2026-04-04T12:55:00Z
6
value 0.00038
scoring_system epss
scoring_elements 0.1137
published_at 2026-04-07T12:55:00Z
7
value 0.00038
scoring_system epss
scoring_elements 0.11454
published_at 2026-04-08T12:55:00Z
8
value 0.00038
scoring_system epss
scoring_elements 0.11512
published_at 2026-04-09T12:55:00Z
9
value 0.00038
scoring_system epss
scoring_elements 0.11523
published_at 2026-04-11T12:55:00Z
10
value 0.00038
scoring_system epss
scoring_elements 0.11489
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2759
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-268/
reference_id ZDI-25-268
reference_type
scores
0
value 7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T13:35:15Z/
url https://www.zerodayinitiative.com/advisories/ZDI-25-268/
Weaknesses
0
cwe_id 732
name Incorrect Permission Assignment for Critical Resource
description The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploits
Severity_range_score7.0 - 7.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9njt-k8tx-tka3