Base Score

HIGH8.5

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.

VectorNETWORK

Published Bysecurity@ubuntu.com

Published DateJun 16, 2025, 12:15

Affected Versions(1)

github.com/ubuntu/authd(Go)

Introduced0

Fixed0.5.4

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/ubuntu/authd(Go)	0	0.5.4	N/A

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

8.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE

References

https://github.com/ubuntu/authd/security/advisories/GHSA-g8qw-mgjx-rwjr

Base Score

HIGH8.5

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

8.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE