CVE-2025-23222

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus servic...

EUVD-2025-3151

Malicious code in bioql PyPI...

The vulnerability of the Deepin operating system’s dde-api-proxy component allows a hacker to gain root privileges.

The vulnerability of the dde-api-proxy component in the Deepin operating system is related to insufficient verification of the source of the communication channel. Exploiting this vulnerability can allow an attacker to gain root privileges...

CVE-2025-23222

Deepin dde-api-proxy (v1.0.19 and earlier) exposes a local privilege-escalation flaw: the daemon runs as root and forwards local user D-Bus requests to legacy D-Bus services, which do not detect the proxy context. This can allow unprivileged users to access D-Bus methods that should be restricted...

dde-api-proxy 安全漏洞

dde-api-proxy is a proxy program from Deepin open source. A security vulnerability exists in dde-api-proxy version 1.0.19, which stems from the fact that an unprivileged user can access the D-Bus service as root...

CVE-2025-23222

An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus servic...

PT-2025-4860 · Deepin · Dde-Api-Proxy

Name of the Vulnerable Software and Affected Versions: Deepin dde-api-proxy versions 1.0.0 through 1.0.19 Description: The issue allows unprivileged users to access D-Bus services as root because dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods i...