Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 40: FEDORA-2025-7fd2f66440 urgent: vaultwarden RCE Vulnerability

fedora
Calendar Grey February 9, 2025
Dist Fedora Esm H88
Security notice for Fedora 40: vaultwarden patch addresses Remote Code Execution and elevation of privileges vulnerabilities.
update to 1.33.0

Summary

Unofficial Bitwarden compatible server.

Update Information:

update to 1.33.0

Topics%20covered

Topics Covered

security advisory Fedora remote code execution privilege escalation CSRF vaultwarden

Change Log

* Thu Jan 30 2025 Jonathan Wright - 1.33.0-1 - update to 1.33.0 rhbz#2342073 Fix GHSA-f7r5-w49x-gxm3 Getting access to the Admin Panel via CSRF Fix CVE-2025-24364 RCE in the admin panel Fix CVE-2025-24365 escalation of privilege via variable confusion in OrgHeaders trait

References


[ 1 ] Bug #2342347 - CVE-2025-24365 vaultwarden: vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342347 [ 2 ] Bug #2342352 - CVE-2025-24364 vaultwarden: vaultwarden allows RCE in the admin panel [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342352

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7fd2f66440' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: vaultwarden
Product: Fedora 40
Version: 1.33.0
Release: 1.fc40
URL: https://github.com/dani-garcia/vaultwarden
Summary: Unofficial Bitwarden compatible server

Topics%20covered

Topics Covered

security advisory Fedora remote code execution privilege escalation CSRF vaultwarden

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here