CVE-2025-52992

LOW

Nix/Lix/Guix <2.24.15/2.26.4/2.28.4/2.29.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.

References (6)

Scores

CVSS v3 3.2
EPSS 0.0007
EPSS Percentile 21.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-732
Status published
Products (4)
NixOS/Nix < 2.24.15
NixOS/Nix 2.25.0 - 2.26.4
NixOS/Nix 2.27.0 - 2.28.4
NixOS/Nix 2.29.0 - 2.29.1
Published Jun 27, 2025
Tracked Since Feb 18, 2026