Vulnerability DatabaseCVE-2025-32438
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-32438
April 15, 2025
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.
Related Resources (3)
https://github.com/NixOS/nixpkgs/commit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba
https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d
https://github.com/NixOS/nixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Creation of Temporary File in Directory with Insecure Permissions
CWE-379
Creation of Temporary File With Insecure Permissions
CWE-378
EPSS
Base Score:
0.06