← voltar
CVE-2025-53819

Nix's privilege dropping to build user broke for macOS

CVSS 7.9 HIGHEPSS 0.1%CWE-271
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Produtos afetados
NixOS · nix

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3https://github.com/NixOS/nix/pull/13281https://github.com/NixOS/nix/pull/13455https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg