{"id":"CVE-2025-59378","details":"In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).","modified":"2026-04-10T05:32:01.150502Z","published":"2025-09-15T06:15:37Z","references":[{"type":"ARTICLE","url":"https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerability-2025-2/"},{"type":"WEB","url":"https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45"}],"schema_version":"1.7.5"}