CVE-2025-5689 HIGH

CVE-2025-5689: Improper Permission Management in SSH Session Handling

Vendor: Canonical
Product: authd
Published: June 16, 2025
Last update: June 17, 2025

CVSS base score

8.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01 Description

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user logging in for the first time is considered to be part of the root group in the context of that SSH session.

Key dates

02 Disclosure timeline

June 16, 2025: CVE published
June 17, 2025: Record updated