CVE-2025-0781: Incorrect Authorization in SimGear

8.6 CVSS

Description

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

Classification

CVE ID: CVE-2025-0781

CVSS Base Severity: HIGH

CVSS Base Score: 8.6

Affected Products

Vendor: FlightGear

Product: SimGear

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.25% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-27 (date this score was calculated)

References

https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8
https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
https://gitlab.com/flightgear/flightgear/-/issues/3025

Timeline