{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T19:24:19.734","vulnerabilities":[{"cve":{"id":"CVE-2025-52992","sourceIdentifier":"cve@mitre.org","published":"2025-06-27T14:15:41.990","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."},{"lang":"es","value":"Los gestores de paquetes Nix, Lix y Guix no configuran correctamente los permisos cuando falla una compilación derivada. Esto puede permitir que procesos arbitrarios modifiquen el contenido de un almacén fuera del entorno de pruebas de compilación. Esto afecta a Nix anteriores a 2.24.15, 2.26.4, 2.28.4 y 2.29.1; Lix anteriores a 2.91.2, 2.92.2 y 2.93.1; y Guix anteriores a 1.4.0-38.0e79d5b. "}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":3.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017","source":"cve@mitre.org"},{"url":"https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/","source":"cve@mitre.org"},{"url":"https://labs.snyk.io","source":"cve@mitre.org"},{"url":"https://lix.systems/blog/2025-06-24-lix-cves/","source":"cve@mitre.org"},{"url":"https://security-tracker.debian.org/tracker/CVE-2025-52992","source":"cve@mitre.org"},{"url":"https://security.snyk.io/vuln/?search=CVE-2025-52992","source":"cve@mitre.org"}]}}]}