Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gx8m-nfzs-vufu
Summary
Yggdrasil Vulnerable to Local Privilege Escalation
A flaw was found in Yggdrasil, which acts as a system broker, allowing processes to communicate with other child "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it lacks authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages.

This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
Aliases
0
alias CVE-2025-3931
1
alias GHSA-rpg2-jvhp-h354
Fixed_packages
Affected_packages
0
url pkg:rpm/redhat/yggdrasil@0.4.5-3?arch=el10_0
purl pkg:rpm/redhat/yggdrasil@0.4.5-3?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fk74-ghxp-w3g9
1
vulnerability VCID-gx8m-nfzs-vufu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/yggdrasil@0.4.5-3%3Farch=el10_0
References
0
reference_url https://access.redhat.com/errata/RHSA-2025:7592
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-14T13:26:50Z/
url https://access.redhat.com/errata/RHSA-2025:7592
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3931.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3931.json
2
reference_url https://access.redhat.com/security/cve/CVE-2025-3931
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-14T13:26:50Z/
url https://access.redhat.com/security/cve/CVE-2025-3931
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3931
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.22755
published_at 2026-04-24T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23065
published_at 2026-04-02T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.2311
published_at 2026-04-04T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.229
published_at 2026-04-07T12:55:00Z
4
value 0.00077
scoring_system epss
scoring_elements 0.22973
published_at 2026-04-08T12:55:00Z
5
value 0.00077
scoring_system epss
scoring_elements 0.23025
published_at 2026-04-09T12:55:00Z
6
value 0.00077
scoring_system epss
scoring_elements 0.23045
published_at 2026-04-11T12:55:00Z
7
value 0.00077
scoring_system epss
scoring_elements 0.23008
published_at 2026-04-12T12:55:00Z
8
value 0.00077
scoring_system epss
scoring_elements 0.22952
published_at 2026-04-13T12:55:00Z
9
value 0.00077
scoring_system epss
scoring_elements 0.22968
published_at 2026-04-16T12:55:00Z
10
value 0.00077
scoring_system epss
scoring_elements 0.22961
published_at 2026-04-18T12:55:00Z
11
value 0.00077
scoring_system epss
scoring_elements 0.22925
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3931
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362345
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-14T13:26:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2362345
5
reference_url https://github.com/RedHatInsights/yggdrasil
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/RedHatInsights/yggdrasil
6
reference_url https://github.com/RedHatInsights/yggdrasil/commit/196d0cbea42f72e6dfecaa563681a99e9fdb4a38
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/RedHatInsights/yggdrasil/commit/196d0cbea42f72e6dfecaa563681a99e9fdb4a38
7
reference_url https://github.com/RedHatInsights/yggdrasil/pull/336
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-14T13:26:50Z/
url https://github.com/RedHatInsights/yggdrasil/pull/336
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3931
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3931
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
Weaknesses
0
cwe_id 280
name Improper Handling of Insufficient Permissions or Privileges
description The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gx8m-nfzs-vufu