CVE-2025-53391

9.3CRITICAL

Key Information:

Vendor: Debian
Status: Zulucrypt
Vendor: CVE Published:; 28 June 2025

What is CVE-2025-53391?

The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.

Affected Version(s)

zulucrypt zulucrypt_5.5.0-1

References

https://bugs.debian.org/1108288

https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f...

https://deb.debian.org/debian/pool/main/z/zulucrypt/zuluc...

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Jun 28, 2025