CVE-2025-0781CRITICAL 9.9EPSS p24.4%

CVE-2025-0781CVE-2025-0781

Description

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

Scoring

CVSS 3.19.9 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS0.33% probability of exploitation · percentile 24.4% · 2026-06-19T12:03:05Z
Published2025-01-28
Last modified2025-08-06

Underlying weaknesses· 1

CWE-863

References

  1. https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358
  2. https://gitlab.com/flightgear/flightgear/-/issues/3025
  3. https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8
  4. https://lists.debian.org/debian-lts-announce/2025/01/msg00028.html
  5. https://lists.debian.org/debian-lts-announce/2025/01/msg00029.html

1

TypeTargetConfidenceTier
WeaknessIncorrect Authorizationcwe-8630%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-1127
CVE
CVE-2026-22907
CVE
CVE-2025-59171
CVE
CVE-2025-57790
CVE
CVE-2025-58423
CVE
CVE-2025-23181
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.