- Description: An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently, several proxied methods that shouldn't be accessible to non-root users are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges.
- Source: cve@mitre.org
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 8.4
- Impact score: 5.9
- Exploitability score: 2.5
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- cve@mitre.org
- CWE-940
#Threat_Research 1. dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) https://t.co/lGpvVSpuTM 2. Exploring Recent CVEs in HPE Insight Remote Support https://t.co/zUPV7Z3Ydk
@ksg93rd
2 Feb 2025
Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222): A Critical Design Flaw Exposed https://t.co/djdSdYTKcC
@Dinosn
30 Jan 2025
CVE-2025-23222 An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root… https://t.co/iiqfdY7KbJ
@CVEnew
24 Jan 2025
CVE-2025-23222: dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service https://t.co/tVJmCTVzpO is part of the Deepin desktop environment. During the review SUSE discovered a major flaw in the design of this D-Bus service which allows local users to escalate privileges
@oss_security
24 Jan 2025