CVE-2025-1390

ADVISORY - ubuntu

Summary

The configuration of pam_cap.so, the PAM module of libcap, supports group names starting with “@”. During actual parsing, however, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to security risks. On systems where /etc/security/capability.conf is used to configure user inherited privileges, attackers can exploit this vulnerability to achieve local privilege escalation by constructing specific usernames.

EPSS Score: 0.00021 (0.040)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Access Control

ADVISORY - redhat

Improper Access Control


Ubuntu

CREATED

UPDATED

ADVISORY ID: CVE-2025-1390
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE): -

CVSS SCORE

N/A medium

| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| ubuntu/libcap2 | deb | ubuntu | 22.04 | <1:2.44-1ubuntu0.22.04.2 | 1:2.44-1ubuntu0.22.04.2 |
| ubuntu/libcap2 | deb | ubuntu | 24.04 | <1:2.66-5ubuntu2.2 | 1:2.66-5ubuntu2.2 |
| ubuntu/libcap2 | deb | ubuntu | 24.10 | <1:2.66-5ubuntu3.1 | 1:2.66-5ubuntu3.1 |
| ubuntu/libcap2 | deb | ubuntu | 20.04 | <1:2.32-1ubuntu0.2 | 1:2.32-1ubuntu0.2 |

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

UPDATED

ADVISORY ID: CVE-2025-1390
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1 medium

Debian

CREATED

UPDATED

ADVISORY ID: CVE-2025-1390
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE): -
RATING UNAVAILABLE FROM ADVISORY

Amazon

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE): -

CVSS SCORE

N/A high

Red Hat

CREATED

UPDATED

ADVISORY ID: CVE-2025-1390
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1 medium