vulnerability

Huawei EulerOS: CVE-2025-1390: libcap security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:P/I:C/A:N)	Feb 18, 2025	Jun 11, 2025	Aug 13, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:P/I:C/A:N)

Published

Feb 18, 2025

Added

Jun 11, 2025

Modified

Aug 13, 2025

Description

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.

Solution

huawei-euleros-2_0_sp12-upgrade-libcap

References

CVE-2025-1390
https://attackerkb.com/topics/CVE-2025-1390
CWE-284
EULEROS-EulerOS-SA-2025-1594

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today