CVE-2025-23394

CVE-2025-23394: daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root

Vendor Suse
Product openSUSE Tumbleweed
Weakness CWE-61
Published May 26, 2025
Last update May 27, 2025

CVSS base score

What the vulnerability does

01Description

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

Key dates

02Disclosure timeline

May 26, 2025 CVE published
May 27, 2025 Record updated