CVE-2026-25710

Published: Mag 13, 2026 Last Modified: Mag 13, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,0
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

The new upstream added a privileged D-Bus
helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.

250

Execution with Unnecessary Privileges

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Access Control
Potential Impacts:
Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Read Application Data Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML, Mobile
Likelihood of Exploit: Medium
View CWE Details
http://www.openwall.com/lists/oss-security/2026/04/27/1
http://www.openwall.com/lists/oss-security/2026/04/27/1
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25710
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25710
https://security.opensuse.org/2026/04/27/plasma-login-manag…
https://security.opensuse.org/2026/04/27/plasma-login-manager.html#6-upstream-b…