CVE-2023-7025 - Vulnerability Details - OpenCVE

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Kylinos	Hedron-domain-hook

Configuration 1 [-]

cpe:2.3:a:kylinos:hedron-domain-hook:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://note.zhaoj.in/share/B05NqMPvEqoU
https://vuldb.com/?ctiid.248578
https://vuldb.com/?id.248578

History

Thu, 24 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-12-21T03:00:05.997Z

Updated: 2025-04-24T14:52:19.785Z

Reserved: 2023-12-20T17:48:39.593Z

Link: CVE-2023-7025

Vulnrichment

Updated: 2024-08-02T08:50:07.595Z

NVD

Status : Modified

Published: 2023-12-21T03:15:07.857

Modified: 2024-11-21T08:45:04.097

Link: CVE-2023-7025

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7025", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-12-20T17:48:39.593Z", "datePublished": "2023-12-21T03:00:05.997Z", "dateUpdated": "2025-04-24T14:52:19.785Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:29:31.478Z"}, "title": "KylinSoft hedron-domain-hook DBus init_kcm access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Controls"}]}], "affected": [{"vendor": "KylinSoft", "product": "hedron-domain-hook", "versions": [{"version": "3.8.0.12-0k0.0", "status": "affected"}, {"version": "3.8.0.12-0k0.1", "status": "affected"}, {"version": "3.8.0.12-0k0.2", "status": "affected"}, {"version": "3.8.0.12-0k0.3", "status": "affected"}, {"version": "3.8.0.12-0k0.4", "status": "affected"}, {"version": "3.8.0.12-0k0.5", "status": "affected"}], "modules": ["DBus Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In KylinSoft hedron-domain-hook bis 3.8.0.12-0k0.5 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion init_kcm der Komponente DBus Handler. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2023-12-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-12-20T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-12-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-13T18:05:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "glzjin (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.248578", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.248578", "tags": ["signature", "permissions-required"]}, {"url": "https://note.zhaoj.in/share/B05NqMPvEqoU", "tags": ["broken-link", "exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.595Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.248578", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.248578", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://note.zhaoj.in/share/B05NqMPvEqoU", "tags": ["broken-link", "exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-12-21T19:31:54.377274Z", "id": "CVE-2023-7025", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T14:52:19.785Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.248578", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.248578", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://note.zhaoj.in/share/B05NqMPvEqoU", "tags": ["broken-link", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.595Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7025", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2023-12-21T19:31:54.377274Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T14:52:15.541Z"}}], "cna": {"title": "KylinSoft hedron-domain-hook DBus init_kcm access control", "credits": [{"lang": "en", "type": "reporter", "value": "glzjin (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "KylinSoft", "modules": ["DBus Handler"], "product": "hedron-domain-hook", "versions": [{"status": "affected", "version": "3.8.0.12-0k0.0"}, {"status": "affected", "version": "3.8.0.12-0k0.1"}, {"status": "affected", "version": "3.8.0.12-0k0.2"}, {"status": "affected", "version": "3.8.0.12-0k0.3"}, {"status": "affected", "version": "3.8.0.12-0k0.4"}, {"status": "affected", "version": "3.8.0.12-0k0.5"}]}], "timeline": [{"lang": "en", "time": "2023-12-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-12-20T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-12-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-01-13T18:05:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.248578", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.248578", "tags": ["signature", "permissions-required"]}, {"url": "https://note.zhaoj.in/share/B05NqMPvEqoU", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In KylinSoft hedron-domain-hook bis 3.8.0.12-0k0.5 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion init_kcm der Komponente DBus Handler. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:29:31.478Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7025", "state": "PUBLISHED", "dateUpdated": "2025-04-24T14:52:19.785Z", "dateReserved": "2023-12-20T17:48:39.593Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-12-21T03:00:05.997Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kylinos:hedron-domain-hook:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD5F9AD-A8F4-44EB-AF10-B2CBBCA99CFB", "versionEndIncluding": "3.8.0.12-0k0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en KylinSoft hedron-domain-hook hasta 3.8.0.12-0k0.5. Ha sido declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n init_kcm del componente DBus Handler. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es requerido atacar localmente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248578 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor r\u00e1pidamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."}], "id": "CVE-2023-7025", "lastModified": "2024-11-21T08:45:04.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-21T03:15:07.857", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://note.zhaoj.in/share/B05NqMPvEqoU"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.248578"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.248578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://note.zhaoj.in/share/B05NqMPvEqoU"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.248578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.248578"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}