CVE-2025-66005 HIGH

CVE-2025-66005: Lack of Authentication in the InputManager D-Bus interface

Vendor Https://Github.com/Shadowblip

Product inputplumber

Weakness CWE-863 · Incorrect authorization

Published January 14, 2026

Last update January 14, 2026

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.

Key dates

02Disclosure timeline

January 14, 2026 CVE published

January 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-66005 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

Identifiers

CVE CVE-2025-66005

CWE CWE-863

CVSS 8.5 / HIGH

Affected versions