CVE-2025-53819

HIGH

Nix 2.30.0 - Privilege Escalation via Build Process

Title source: llm
STIX 2.1

Description

Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.

References (4)

Core 4

Scores

CVSS v3 7.9
EPSS 0.0012
EPSS Percentile 2.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-271
Status published
Products (1)
NixOS/nix = 2.30.0
Published Jul 14, 2025
Tracked Since Feb 18, 2026