CVE-2022-25643
CRITICALseatd 0.6.0-0.6.3 - Privilege Escalation via User-Supplied Socket Pathname
Title source: llmDescription
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
References (6)
Core 6
Core References
Various Sources
https://nvd.nist.gov/vuln/detail/CVE-2022-25643
Release Notes, Third Party Advisory
https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4
Third Party Advisory
https://github.com/kennylevinsen/seatd/tags
Third Party Advisory
https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
Scores
CVSS v3
9.8
EPSS
0.0201
EPSS Percentile
78.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-668
Status
published
Products (1)
seatd_project/seatd
0.6.0 - 0.6.4
Published
Feb 24, 2022
Tracked Since
Feb 18, 2026