Main Vulnerability Database Vulnerabilities #VU125374

#VU125374 Privilege Dropping / Lowering Errors in nix - CVE-2025-53819

Published: April 8, 2026

Vulnerability identifier: #VU125374

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-53819

CWE-ID: CWE-271

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
nix

Software vendor:
nixos.org

Description

The vulnerability allows a local user to execute builds with elevated privileges.

The vulnerability exists due to privilege dropping / lowering errors in the build user privilege dropping mechanism when executing builds on macOS. A local user can trigger a build to execute it as root to execute builds with elevated privileges.

On affected macOS systems, builds were executed as root instead of the intended build users.

Remediation

Install security update from vendor's website.

External links

https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg
https://github.com/advisories/GHSA-qc7j-jgf3-qmhg

#VU125374 Privilege Dropping / Lowering Errors in nix - CVE-2025-53819

Description

Remediation

External links

Please verify you're human