CVE-2025-68119

medium

Red Hat

CVSS v3 Base Score

6.7

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.0%

Exploitation probability in 30 days

Top 98% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: January 28, 2026 (106 days ago)

Last Modified: January 28, 2026

Vendor: Red Hat

Description

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.

CWE

CWE-78

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 go.dev 🔗 go.dev

CVE-2025-68119

Vulnerability Report

Description

CWE

Affected Products

References