{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T16:31:20.247","vulnerabilities":[{"cve":{"id":"CVE-2022-25328","sourceIdentifier":"cve-coordination@google.com","published":"2022-02-25T11:15:08.120","lastModified":"2024-11-21T06:52:00.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above"},{"lang":"es","value":"El script bash_completion para fscrypt permite la inyección de comandos por medio de rutas de punto de montaje diseñadas, permitiendo una escalada de privilegios bajo un conjunto específico de circunstancias. Un usuario local que tenga control sobre las rutas de los puntos de montaje podría escalar sus privilegios si crea una ruta de punto de montaje maliciosa y si el administrador del sistema resulta estar usando el script bash_completion de fscrypt para completar las rutas de los puntos de montaje. Recomendamos actualizar a versión 0.3.3 o superior\n"}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:fscrypt:*:*:*:*:*:*:*:*","versionEndExcluding":"0.3.3","matchCriteriaId":"623A7E29-1DE3-4D26-893E-8EE2D7FADD46"}]}]}],"references":[{"url":"https://github.com/google/fscrypt/pull/346","source":"cve-coordination@google.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/google/fscrypt/pull/346","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}