CVE-2026-25704

Published: Mar 30, 2026 Last Modified: Mar 30, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,8
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in  cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic.

This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.

271

Privilege Dropping / Lowering Errors

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Non-Repudiation
Potential Impacts:
Gain Privileges Or Assume Identity Hide Activities
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
367

Time-of-check Time-of-use (TOCTOU) Race Condition

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Other Non-Repudiation
Potential Impacts:
Alter Execution Logic Unexpected State Modify Application Data Modify Files Or Directories Modify Memory Other Hide Activities
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25704
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25704