4 matches found
CVE-2025-23222
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus servic...
CVE-2025-23222
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus servic...
CVE-2025-23222
creationtimestamp| type| source ---|---|--- 2025-01-24 17:00:06+00:00| seen| https://infosec.exchange/users/cve/statuses/113884397944832603 2025-01-24 17:04:47+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2935 2025-01-24 17:48:33+00:00| seen|...
CVE-2025-23222
Deepin dde-api-proxy (v1.0.19 and earlier) exposes a local privilege-escalation flaw: the daemon runs as root and forwards local user D-Bus requests to legacy D-Bus services, which do not detect the proxy context. This can allow unprivileged users to access D-Bus methods that should be restricted...