CVE-2025-0781
Published: 28 January 2025
Description
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
Security Summary
CVE-2025-0781 is a sandbox bypass vulnerability in the Nasal scripting engine used by the FlightGear flight simulator and its SimGear library. It allows an attacker to circumvent restrictions on Nasal scripts, enabling arbitrary writes to any file path that the affected user has permission to modify at the operating-system level. The issue, published on 2025-01-28, carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and is associated with CWE-863 (Incorrect Authorization).
Exploitation requires local access with low attack complexity and no privileges, but relies on user interaction, such as executing a malicious Nasal script. A successful attack changes scope and achieves high impacts on confidentiality, integrity, and availability by allowing the attacker to overwrite arbitrary user-writable files, potentially leading to persistent code execution or data corruption within the user's permissions.
Patches are available in the FlightGear repository via commit ad37afce28083fad7f79467b3ffdead753584358 and in SimGear via commit 5bb023647114267141a7610e8f1ca7d6f4f5a5a8; details are discussed in FlightGear issue 3025. Debian LTS has addressed the vulnerability in two January 2025 announcements (msg00028.html and msg00029.html).