{"id":"CVE-2025-53819","summary":"Nix's privilege dropping to build user broke for macOS","details":"Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.","aliases":["GHSA-qc7j-jgf3-qmhg"],"modified":"2026-04-12T17:41:43.573563Z","published":"2025-07-14T20:42:12.818Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-271"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53819.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53819.json"},{"type":"ADVISORY","url":"https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53819"},{"type":"FIX","url":"https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3"},{"type":"FIX","url":"https://github.com/NixOS/nix/pull/13281"},{"type":"FIX","url":"https://github.com/NixOS/nix/pull/13455"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nixos/nix","events":[{"introduced":"0"},{"fixed":"e2ef2cfcbc83ea01308ee64c38a58707ab23dec3"}]}],"versions":["1.0","1.1","1.10","1.11","1.11.1","1.2","1.3","1.4","1.5","1.5.1","1.5.2","1.5.3","1.6","1.6.1","1.7","1.8","1.9","2.0","2.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53819.json","vanir_signatures":[{"digest":{"line_hashes":["176488036611194801057003884013335359869","168816349759201478441357596660351132374","40709139274348560864228941697657986702","172916871977279862353849037828058460182"],"threshold":0.9},"id":"CVE-2025-53819-5b62e5e6","target":{"file":"src/libstore/unix/user-lock.cc"},"source":"https://github.com/nixos/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3","signature_version":"v1","signature_type":"Line","deprecated":false},{"digest":{"function_hash":"198519095843597891743568744371673451303","length":321},"id":"CVE-2025-53819-f8e48483","target":{"function":"useBuildUsers","file":"src/libstore/unix/user-lock.cc"},"source":"https://github.com/nixos/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3","signature_version":"v1","signature_type":"Function","deprecated":false}],"vanir_signatures_modified":"2026-04-12T17:41:43Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L"}]}