CVE-2025-0781
Incorrect Authorization in SimGear
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
FlightGear · SimGearWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358https://gitlab.com/flightgear/flightgear/-/issues/3025https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8https://lists.debian.org/debian-lts-announce/2025/01/msg00028.htmlhttps://lists.debian.org/debian-lts-announce/2025/01/msg00029.html