216.73.217.80

CVE-2025-41259

· Published 03/06/2026 13:16 · Modified 04/06/2026 16:40

Labels: CVE-2025-41259 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a2026-06-03CVE-2025-41259CWE-367

Essential information

Published
03/06/2026 13:16
Modified
04/06/2026 16:40
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
NVD
View on NVD

Affected products (CPE)

ProductCPE
swupdate / swupdate cpe:2.3:a:swupdate:swupdate:*:*:*:*:*:*:*:*

References