The chmod utility in uutils coreutils validates only when the target path equals exactly "/", and does not canonicalize the path. This allows an attacker to use path variants such as "/../" or symbolic links to bypass the --preserve-root safety mechanism. By exploiting this flaw, an attacker can execute destructive recursive operations—for example, running chmod -R 000 on the entire root filesystem—leading to a loss of permissions across critical system files and a potential complete system breakdown. The vulnerability exposes a classic pathname traversal weakness (CWE‑22) that directly undermines file system integrity and availability.

The affected product is Uutils coreutils. The vulnerability exists in versions prior to the 0.6.0 release, which was announced in a GitHub pull request and release tag. Users employing earlier versions of the chmod binary in this project are at risk.

The CVSS score of 7.3 highlights a high severity rating, indicating that the flaw can cause significant damage when exploited. Although a current EPSS score is not available, the lack of a KEV listing suggests no widespread exploitation has been reported at this time. Based on the description, the attack vector is local; an attacker or even an accidental user with access to the filesystem and the ability to invoke chmod can craft a path that triggers the bypass. The exploit requires minimal prerequisites beyond the presence of the vulnerable binary, making it relatively straightforward to use.