High severity 7.1 · GHSA Advisory · Published Jun 6, 2025 · Updated Apr 15, 2026
CVE-2025-5791
Description
A flaw was found in the `users` crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| users (crates.io) | >= 0.8.0, <= 0.11.0 | — |
Affected products (14)
- Range: >= 0.8.0, <= 0.11.0
- ghsa-coords, 13 versions:
  - pkg:cargo/users
  - pkg:rpm/opensuse/afterburn&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/agama&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/flake-pilot&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/lsd&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/mirrorsorcerer&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
  - pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
  - pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
  - pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
  - pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Micro%206.0
  - pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Micro%206.1
  - pkg:rpm/suse/himmelblau&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
- (no CPE) range: >= 0.8.0, <= 0.11.0
- (no CPE) range: < 5.8.2-3.1
- (no CPE) range: < 17+60.68fdb92ec-26.1
- (no CPE) range: < 3.1.19-1.1
- (no CPE) range: < 1.2.0-1.1
- (no CPE) range: < 0.1.3~1-1.1
- (no CPE) range: < 5.9.0.git21.a73f509-150300.3.5.1
- (no CPE) range: < 5.9.0.git21.a73f509-150400.3.3.1
- (no CPE) range: < 5.9.0.git21.a73f509-150400.3.3.1
- (no CPE) range: < 5.9.0.git21.a73f509-150500.3.3.1
- (no CPE) range: < 5.9.0.git21.a73f509-1.1
- (no CPE) range: < 5.9.0.git21.a73f509-slfo.1.1_1.1
- (no CPE) range: < 0.7.17+git.0.1ebdab0-150700.3.3.2
References (8)
- github.com/advisories/GHSA-m65q-v92h-cm7q (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-5791 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2025-5791 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/ogham/rust-users/issues/44 (nvd, WEB)
- rustsec.org/advisories/RUSTSEC-2025-0040.html (nvd, WEB)
- access.redhat.com/errata/RHSA-2025:12359 (nvd)
- crates.io/crates/users (nvd)