{
  "threat_severity" : "Moderate",
  "public_date" : "2025-07-11T00:00:00Z",
  "bugzilla" : {
    "description" : "polkit: XML policy file with a large number of nested elements may lead to out-of-bounds write",
    "id" : "2379675",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2379675"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-787",
  "details" : [ "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.", "A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly." ],
  "statement" : "This vulnerability was rated with a Moderate severity by the Red Hat Product Security team. Although it may eventually lead to code execution, for an attacker to exploit this vulnerability by using a malicious XML policy file, they must have a high-privileged account on the system. This happens because the directories that hold Polkit's policy files are owned by the root user, drastically reducing the attack surface for this vulnerability.",
  "acknowledgement" : "Red Hat would like to thank Mohamed Maatallah (Independent security researcher) for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "polkit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "polkit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "polkit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "polkit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "polkit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-7519\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-7519\nhttps://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245\nhttps://github.com/polkit-org/polkit/pull/570" ],
  "name" : "CVE-2025-7519",
  "mitigation" : {
    "value" : "There's no known mitigation to this vulnerability other than avoiding the implementation of unknown or untrusted polkit policy files to the system.",
    "lang" : "en:us"
  },
  "csaw" : false
}