{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-23222", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-12T20:41:30.901Z", "dateReserved": "2025-01-13T00:00:00.000Z", "datePublished": "2025-01-24T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "dde-api-proxy", "vendor": "Deepin", "versions": [{"lessThanOrEqual": "1.0.19", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-940", "description": "CWE-940 Improper Verification of Source of a Communication Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-01-24T17:04:19.974Z"}, "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1229918"}, {"url": "https://www.openwall.com/lists/oss-security/2025/01/24/3"}, {"url": "https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23222", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-24T17:40:55.747192Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:30.901Z"}}]}, "dataVersion": "5.1"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Deepin dde-api-proxy hasta la versi\u00f3n 1.0.19 en el que los usuarios sin privilegios pueden acceder a los servicios de D-Bus como root. Espec\u00edficamente, dde-api-proxy se ejecuta como superusuario y reenv\u00eda mensajes de usuarios locales arbitrarios a m\u00e9todos D-Bus heredados en los servicios D-Bus reales, y los servicios D-Bus reales no conocen la situaci\u00f3n del proxy (creen que superusuario les est\u00e1 pidiendo que hagan cosas). En consecuencia, varios m\u00e9todos proxy, que no deber\u00edan ser accesibles para usuarios que no sean root, son accesibles para usuarios que no son superusuarios. En situaciones en las que Polkit est\u00e1 involucrado, el llamador ser\u00eda tratado como administrador, lo que resultar\u00eda en una escalada similar de privilegios."}], "id": "CVE-2025-23222", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-01-24T17:15:15.730", "references": [{"source": "cve@mitre.org", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1229918"}, {"source": "cve@mitre.org", "url": "https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2025/01/24/3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-940"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{}