Privilege Escalation Vulnerabilities in Nix, Lix, and Guix Package Managers
CVE-2025-52991

3.2LOW

Key Information:

Vendor: Nixos
Status: Nix
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-52991?

The Nix, Lix, and Guix package managers have a design flaw due to their use of default temporary build directories placed in world-readable and world-writable locations. This flaw allows standard users to misguide the package managers into utilizing directories that may contain pre-existing content, potentially leading to unauthorized actions and manipulation of data. This vulnerability affects multiple versions of Nix, Lix, and Guix and poses a significant risk if not addressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nix 0 < 2.24.15

Nix 2.25.0 < 2.26.4

Nix 2.27.0 < 2.28.4

References

https://discourse.nixos.org/t/security-advisory-privilege...

https://lix.systems/blog/2025-06-24-lix-cves/

https://guix.gnu.org/en/blog/2025/privilege-escalation-vu...

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 23, 2025

JSON

Nixos

What is CVE-2025-52991?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.