{"id":"AZL-65379","summary":"CVE-2025-7519 affecting package polkit for versions less than 0.119-4","details":"A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.","modified":"2026-04-21T04:37:35.188028Z","published":"2025-07-14T14:15:25Z","upstream":["CVE-2025-7519"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7519"}],"affected":[{"package":{"name":"polkit","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/polkit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.119-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65379.json"}}],"schema_version":"1.7.5"}