CVE-2025-0781

High

Published: 28 January 2025

Modified: 06 August 2025
CVSS Score: 8.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0004 (12.6th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0781 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Flightgear Simgear. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks at the 12.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Implements software-enforced sandboxing and separation mechanisms to prevent bypasses allowing arbitrary file writes from untrusted Nasal scripts.

prevent

Enforces a reference monitor to mediate and restrict all access attempts by sandboxed scripts to authorized file paths only.

prevent

Mandates enforcement of access control policies that block unauthorized file writes by Nasal scripts beyond sandbox restrictions.

MITRE ATT&CK Enterprise Techniques · AI

T1059 Command and Scripting Interpreter · Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

A sandbox bypass in the Nasal scripting engine directly enables abuse of T1059 Command and Scripting Interpreter for unauthorized arbitrary file writes within the user's permissions.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

Deeper analysis · AI

CVE-2025-0781 is a sandbox bypass vulnerability in the Nasal scripting engine used by the FlightGear flight simulator and its SimGear library. It allows an attacker to circumvent restrictions on Nasal scripts, enabling arbitrary writes to any file path that the affected user has permission to modify at the operating-system level. The issue, published on 2025-01-28, carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and is associated with CWE-863 (Incorrect Authorization).

Exploitation requires local access with low attack complexity and no privileges, but relies on user interaction, such as executing a malicious Nasal script. A successful attack changes scope and achieves high impacts on confidentiality, integrity, and availability by allowing the attacker to overwrite arbitrary user-writable files, potentially leading to persistent code execution or data corruption within the user's permissions.

Patches are available in the FlightGear repository via commit ad37afce28083fad7f79467b3ffdead753584358 and in SimGear via commit 5bb023647114267141a7610e8f1ca7d6f4f5a5a8; details are discussed in FlightGear issue 3025. Debian LTS has addressed the vulnerability in announcements dated 2025-01 (msg00028.html and msg00029.html).

Details

CWE(s)

CWE-863 (Incorrect Authorization)

Affected Products

flightgear simgear: ≤ 2020.3.19
debian debian linux: 11.0
