← back
CVE-2025-0781

Incorrect Authorization in SimGear

CVSS 8.6 HIGHEPSS 0.3%CWE-863
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
FlightGear · SimGear

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →