CVE-2025-5791 HIGH

CVE-2025-5791: Users: `root` appended to group listings

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-266
Published June 6, 2025
Last update November 20, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

Key dates

02Disclosure timeline

June 6, 2025 CVE published
November 20, 2025 Record updated