Description

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively.

INFO

Published Date :

2025-04-15T22:19:46.856Z

Last Modified :

2025-04-16T13:32:55.159Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32435 vulnerability.

Vendors Products
Nixos
  • Hydra
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32435.

URL Resource
https://github.com/NixOS/hydra/commit/8d750265135b7e203520036a742afdf301b4013f cve-icon cve-icon
https://github.com/NixOS/hydra/security/advisories/GHSA-j7w7-965w-vjxw cve-icon cve-icon
https://github.com/NixOS/nixpkgs/pull/397919 cve-icon cve-icon
https://github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact