{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T22:21:37.204","vulnerabilities":[{"cve":{"id":"CVE-2025-23222","sourceIdentifier":"cve@mitre.org","published":"2025-01-24T17:15:15.730","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges."},{"lang":"es","value":"Se descubrió un problema en Deepin dde-api-proxy hasta la versión 1.0.19 en el que los usuarios sin privilegios pueden acceder a los servicios de D-Bus como root. Específicamente, dde-api-proxy se ejecuta como superusuario y reenvía mensajes de usuarios locales arbitrarios a métodos D-Bus heredados en los servicios D-Bus reales, y los servicios D-Bus reales no conocen la situación del proxy (creen que superusuario les está pidiendo que hagan cosas). En consecuencia, varios métodos proxy, que no deberían ser accesibles para usuarios que no sean root, son accesibles para usuarios que no son superusuarios. En situaciones en las que Polkit está involucrado, el llamador sería tratado como administrador, lo que resultaría en una escalada similar de privilegios."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-940"}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1229918","source":"cve@mitre.org"},{"url":"https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2025/01/24/3","source":"cve@mitre.org"}]}}]}