CVE-2025-32438

Description

make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

CWE-378 CWE-378

CWE-379 CWE-379

References

Other References

https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d https://github.com/NixOS/nixpkgs/commit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba https://github.com/NixOS/nixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4

Frequently Asked Questions

What is CVE-2025-32438? +

make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;. It has a CVSS v3.1 base score of 8.8 (HIGH).

How severe is CVE-2025-32438? +

CVE-2025-32438 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

How do I check if I'm vulnerable to CVE-2025-32438? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-34352

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent …

CVE-2024-47884

foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory …

CVE-2024-39872 9.6

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not …

CVE-2025-27148 8.8

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the …

CVE-2024-7358 7.8

A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected …

CVE-2025-38747 7.8

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local …