CVE-2025-23394

daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

INFO

Published Date :

2025-05-26T15:34:32.562Z

Last Modified :

2025-05-27T14:05:20.489Z

Source :

suse

AFFECTED PRODUCTS

The following products are affected by CVE-2025-23394 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23394.

URL	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23394

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact