{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-53819","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-07-09T14:14:52.529Z","datePublished":"2025-07-14T20:42:12.818Z","dateUpdated":"2025-07-15T19:50:28.259Z"},"containers":{"cna":{"title":"Nix's privilege dropping to build user broke for macOS","problemTypes":[{"descriptions":[{"cweId":"CWE-271","lang":"en","description":"CWE-271: Privilege Dropping / Lowering Errors","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":7.9,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L","version":"3.1"}}],"references":[{"name":"https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg","tags":["x_refsource_CONFIRM"],"url":"https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg"},{"name":"https://github.com/NixOS/nix/pull/13281","tags":["x_refsource_MISC"],"url":"https://github.com/NixOS/nix/pull/13281"},{"name":"https://github.com/NixOS/nix/pull/13455","tags":["x_refsource_MISC"],"url":"https://github.com/NixOS/nix/pull/13455"},{"name":"https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3","tags":["x_refsource_MISC"],"url":"https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3"}],"affected":[{"vendor":"NixOS","product":"nix","versions":[{"version":"= 2.30.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-07-14T20:42:12.818Z"},"descriptions":[{"lang":"en","value":"Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root) instead of as the build users.\nThe issue is fixed in Nix 2.30.1. No known workarounds are available."}],"source":{"advisory":"GHSA-qc7j-jgf3-qmhg","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-15T13:55:22.262473Z","id":"CVE-2025-53819","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-15T19:50:28.259Z"}}]}}