The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 27 Jun 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | |
Weaknesses | CWE-282 | |
References |
|
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-06-27T00:00:00.000Z
Updated: 2025-06-27T15:49:08.285Z
Reserved: 2025-04-24T00:00:00.000Z
Link: CVE-2025-46416

Updated: 2025-06-27T15:49:03.318Z

Status : Awaiting Analysis
Published: 2025-06-27T14:15:38.163
Modified: 2025-06-30T18:38:48.477
Link: CVE-2025-46416

No data.