{"id":"CVE-2021-25321","details":"A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.","modified":"2026-04-16T04:35:08.559657190Z","published":"2021-06-30T09:15:08.150Z","related":["SUSE-SU-2021:14759-1","SUSE-SU-2021:2175-1","SUSE-SU-2021:2177-1","openSUSE-SU-2021:0945-1","openSUSE-SU-2021:2177-1","openSUSE-SU-2024:10634-1"],"references":[{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1186240"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25321.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1a15"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1a15-169.5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1a15-lp152.5.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}