Informazioni sul CVE-2025-27148
Gradle vulnerable to local privilege escalation through system temporary directory
CWE ID: CWE-378
Base Score (CVSS): N/A
CVE: CVE-2025-27148
Descrizione: Gradle is a build automation tool. Its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with permissions allowing multiple users to create and delete files. This library initialization could be vulnerable to a local privilege escalation if an attacker quickly deletes and recreates files in the system temporary directory. Gradle builds relying on versions of `net.rubygrapefruit:native-platform` prior to 0.22-milestone-28 are susceptible to this vulnerability. Prior to 0.22-milestone-28, if the `Native.get(Class<>)` method was called without calling `Native.init(File)`, using a non-`null` argument for the working file path, it would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 addressed this issue. Initialization is now mandatory and no longer uses the system temporary directory, unless a specific path is provided for initialization. Gradle 8.12, version 8.12.1, had codepaths where initialization relied on a default path, copying binaries to the system temporary directory. This exposed a vulnerability. Windows and macOS users are not vulnerable, and Unix-like systems with the “sticky” bit set or `noexec` on their temporary directory are not vulnerable. This problem was fixed in Gradle 8.12.1. Gradle 8.13 also upgrades to a newer native library version. Some workarounds are available. On Unix-like systems, ensure the “sticky” bit is set. This only allows the original user (or root) to delete a file. Mounting `/tmp` as `noexec` will prevent Gradle 8.12 from starting. Those unable to change the permissions of the system temporary directory can move the Java temporary directory by setting the System Property `java.io.tmpdir`.
Vettore di attacco CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: Accesso: Local, Privilegi: Low, Interazione utente: None, Confidenzialità: High, Integrità: High, Disponibilità: High.
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|---|---|---|
| Attack Vector (AV) | L | Local | L’attaccante deve avere accesso locale al sistema. |
| Attack Complexity (AC) | L | Low | L’attacco non richiede condizioni particolari. |
| Privileges Required (PR) | L | Low | Richiede pochi privilegi. |
| User Interaction (UI) | N | None | Non è richiesta interazione dell’utente. |
| Scope (S) | C | Changed | La vulnerabilità impatta su componenti esterni. |
| Confidentiality Impact (C) | H | High | Grave impatto sulla riservatezza. |
| Integrity Impact (I) | H | High | Grave impatto sull’integrità. |
| Availability Impact (A) | H | High | Rende il sistema inutilizzabile. |
Riferimenti esterni
- https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r
- https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336
- https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8
- https://github.com/gradle/gradle/pull/32025
- https://github.com/gradle/native-platform/pull/353
- https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems
- https://en.wikipedia.org/wiki/Sticky_bit
- https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78
Prodotti interessati
- gradle – gradle
Relazioni con altri prodotti
Produttore:gradle
Prodotto: gradle
Anno: 2025
CWE: CWE-378
CVSS: 0.0