CVE-2025-23222
Published: 24 January 2025
Description
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges.
Security Summary
CVE-2025-23222 is a privilege escalation vulnerability affecting Deepin dde-api-proxy through version 1.0.19. The dde-api-proxy runs as root and forwards D-Bus messages from arbitrary local unprivileged users to legacy D-Bus methods in actual D-Bus services. These services are unaware of the proxy and treat the requests as originating from root, enabling unprivileged users to access proxied methods that should be restricted to root. When Polkit is involved, the caller is treated as an admin, resulting in privilege escalation. The issue carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-940.
The vulnerability is exploitable by any local user and requires no special privileges. By sending crafted messages through dde-api-proxy, a local user can invoke privileged D-Bus methods in the backing services, with high impact on confidentiality, integrity, and availability, effectively gaining root or admin-level capabilities.
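The CWE-940 pattern described above, as a constructed Python model added here (not dde-api-proxy's code): a root-running proxy forwards requests under its own identity, so the backing service's uid check passes for everyone, and a checking proxy that applies the policy to the original caller before forwarding. Method names and the policy are hypothetical.

```python
"""Constructed model of the CVE-2025-23222 pattern (CWE-940): the backing
service authorizes the peer it sees (the root proxy), not the real caller."""
from dataclasses import dataclass

ROOT_UID = 0
# Hypothetical policy: legacy methods that only root may invoke.
PRIVILEGED_METHODS = {"SetHostname", "WriteSystemConfig"}


@dataclass(frozen=True)
class Caller:
    uid: int  # Unix uid of the peer, as the bus daemon would report it


class LegacyService:
    """Backing service: it only ever sees the peer that connected (the proxy)."""
    def call(self, peer: Caller, method: str) -> str:
        if method in PRIVILEGED_METHODS and peer.uid != ROOT_UID:
            return "denied"
        return f"{method}:ok"


class VulnerableProxy:
    """Runs as root and forwards every request as itself; caller identity is lost."""
    def __init__(self, service: LegacyService) -> None:
        self.service = service

    def forward(self, caller: Caller, method: str) -> str:
        return self.service.call(Caller(ROOT_UID), method)


class CheckingProxy:
    """Mitigation: enforce the same policy on the *original* caller before forwarding.
    On a real bus the caller's uid comes from the daemon (GetConnectionUnixUser on
    the sender), and any Polkit check must name that caller as the subject."""
    def __init__(self, service: LegacyService) -> None:
        self.service = service

    def forward(self, caller: Caller, method: str) -> str:
        if method in PRIVILEGED_METHODS and caller.uid != ROOT_UID:
            return "denied"
        return self.service.call(Caller(ROOT_UID), method)


def run_scenario(proxy_cls, uid: int, method: str) -> str:
    """Route one request from a caller with the given uid through a proxy."""
    return proxy_cls(LegacyService()).forward(Caller(uid), method)
```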
Advisories addressing CVE-2025-23222 include the SUSE Bugzilla entry at https://bugzilla.suse.com/show_bug.cgi?id=1229918, the openSUSE security notice at https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html, and the OSS-Security mailing list discussion at https://www.openwall.com/lists/oss-security/2025/01/24/3.
Details
- CWE(s)