DevGuard Logo

🛡️ DevGuard
Group
/🗄️ Devguard Postgresql
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-1390

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.

Open
LOW (3.5)
  • T

    Tim Bastin detected CVE-2025-1390 with a risk of 3.5

    0.8.2
  • logo

    System updated the risk assessment to 1.75

    0.8.2

    System recalculated raw risk assessment

  • T

    Tim Bastin detected CVE-2025-1390 with a risk of 3.5

    0.8.3
  • logo

    System updated the risk assessment to 1.75

    0.8.3

    System recalculated raw risk assessment

  • T

    Tim Bastin detected CVE-2025-1390 with a risk of 1.16

    0.9.1
  • logo

    System updated the risk assessment from 1.16 to 0.87

    0.9.1

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.75 to 3.5

    0.8.2

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 0.87 to 1.75

    0.9.1

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.75 to 3.5

    0.8.3

    System recalculated raw risk assessment

  • T

    Tim Bastin detected CVE-2025-1390 with a risk of 1.75

    0.10.1
  • logo

    System detected CVE-2025-1390 with a risk of 3.5

    main
  • T

    Tim Bastin detected CVE-2025-1390 with a risk of 1.75

    0.11.1
  • logo

    System updated the risk assessment from 3.5 to 1.75

    0.12.1

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 3.5 to 1.75

    0.12.2

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 3.5 to 1.75

    0.12.3

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 3.5 to 1.75

    0.8.2

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 3.5 to 1.75

    main

    System recalculated raw risk assessment

  • logo

    System fixed CVE-2025-1390

    0.12.3
  • logo

    System fixed CVE-2025-1390

    0.12.2
  • logo

    System fixed CVE-2025-1390

    0.12.1
  • logo

    System fixed CVE-2025-1390

    0.10.1
  • logo

    System fixed CVE-2025-1390

    0.9.1
  • logo

    System fixed CVE-2025-1390

    0.8.3
  • logo

    System fixed CVE-2025-1390

    0.11.1
  • logo

    System fixed CVE-2025-1390

    0.8.2
  • logo

    System fixed CVE-2025-1390

    main
  • logo

    System detected CVE-2025-1390 with a risk of 1.75

    0.12.3
  • logo

    System updated the risk assessment from 1.75 to 3.5

    main

    System recalculated raw risk assessment

Add a comment

Mark as False Positive
Last calculated at:

Affected component

debian/libcap2

Installed version:
2.66-4
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5