SB2025032549 - Privilege escalation in gradle
Published: March 25, 2025
Security Bulletin ID
SB2025032549
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Creation of Temporary File With Insecure Permissions (CVE-ID: CVE-2025-27148)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the system temporary directory can be created with open permissions. A local user can gain elevated privileges on the target system.
Remediation
Install update from vendor's website.
References
- https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems
- https://en.wikipedia.org/wiki/Sticky_bit
- https://github.com/gradle/gradle/pull/32025
- https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r
- https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336
- https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78
- https://github.com/gradle/native-platform/pull/353
- https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8