Privilege Escalation Vulnerability in zuluCrypt by Debian
CVE-2025-53391

9.3CRITICAL

Key Information:

Vendor: Debian
Status: Zulucrypt
Vendor: CVE Published:; 28 June 2025

What is CVE-2025-53391?

The zuluCrypt package in Debian has a vulnerability in the PolicyKit configuration, specifically within the zuluPolkit/CMakeLists.txt file. The insecure allow_any/allow_inactive/allow_active settings enable local users to escalate their privileges, potentially granting them root access. This misconfiguration poses a significant security risk, allowing unauthorized users to perform actions with elevated privileges.

Affected Version(s)

zulucrypt zulucrypt_5.5.0-1

References

https://bugs.debian.org/1108288

https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f...

https://deb.debian.org/debian/pool/main/z/zulucrypt/zuluc...

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Jun 28, 2025