Medium severityNVD Advisory· Published Jan 14, 2026· Updated Apr 15, 2026

CVE-2025-67859

Description

A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1.

Affected products

Linrunner/Tlpinferred
Range: >=1.9,<1.9.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.suse.com/show_bug.cginvd
security.opensuse.org/2026/01/07/tlp-polkit-authentication-bypass.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000