Base Score

HIGH7.1

CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateJun 06, 2025, 14:15

Affected Versions(1)

users(crates.io)

Introduced0.8.0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
users(crates.io)	0.8.0	N/A	N/A

Weakness Type (CWE):CWE-266

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

Base Score

HIGH7.1

Weakness Type (CWE):CWE-266

CVSS Metrics

Base Score

7.1

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE