High severity 7.1 · GHSA Advisory · Published Jun 6, 2025 · Updated Apr 15, 2026
CVE-2025-5791
Description
A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| users (crates.io) | >= 0.8.0, <= 0.11.0 | — |
Affected products
- Range: >= 0.8.0, <= 0.11.0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-m65q-v92h-cm7q (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-5791 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2025-5791 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/ogham/rust-users/issues/44 (nvd, WEB)
- rustsec.org/advisories/RUSTSEC-2025-0040.html (nvd, WEB)
- access.redhat.com/errata/RHSA-2025:12359 (nvd)
- crates.io/crates/users (nvd)