Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-g2b1-59mn-g3ab
SummaryThe Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Aliases
0
alias CVE-2025-46416
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46416
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.23967
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46416
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46416
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46416
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108318
reference_id 1108318
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108318
3
reference_url https://lix.systems/blog/2025-06-24-lix-cves/
reference_id 2025-06-24-lix-cves
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T15:48:56Z/
url https://lix.systems/blog/2025-06-24-lix-cves/
4
reference_url https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017
reference_id 66017
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T15:48:56Z/
url https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017
5
reference_url https://security-tracker.debian.org/tracker/CVE-2025-46416
reference_id CVE-2025-46416
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T15:48:56Z/
url https://security-tracker.debian.org/tracker/CVE-2025-46416
6
reference_url https://labs.snyk.io
reference_id labs.snyk.io
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T15:48:56Z/
url https://labs.snyk.io
7
reference_url https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
reference_id privilege-escalation-vulnerabilities-2025
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T15:48:56Z/
url https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
8
reference_url https://security.snyk.io/vuln/?search=CVE-2025-46416
reference_id ?search=CVE-2025-46416
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-27T15:48:56Z/
url https://security.snyk.io/vuln/?search=CVE-2025-46416
Weaknesses
0
cwe_id 282
name Improper Ownership Management
description The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Exploits
Severity_range_score2.9 - 2.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-g2b1-59mn-g3ab