
Fedora 41: Security Advisory FEDORA-2025-41f4056b0e Critical RCE Fix

fedora
February 8, 2025
Essential patches deployed for vaultwarden in Fedora 41 target XSS and SQLi vulnerabilities. Prompt intervention needed to ensure security.

Summary

Unofficial Bitwarden compatible server.

Update Information:

update to 1.33.0

Change Log

* Thu Jan 30 2025 Jonathan Wright - 1.33.0-1
- update to 1.33.0 rhbz#2342073
  Fix GHSA-f7r5-w49x-gxm3 Getting access to the Admin Panel via CSRF
  Fix CVE-2025-24364 RCE in the admin panel
  Fix CVE-2025-24365 escalation of privilege via variable confusion in OrgHeaders trait

References


[ 1 ] Bug #2342348 - CVE-2025-24365 vaultwarden: vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2342348

[ 2 ] Bug #2342353 - CVE-2025-24364 vaultwarden: vaultwarden allows RCE in the admin panel [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2342353

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-41f4056b0e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: vaultwarden
Product: Fedora 41
Version: 1.33.0
Release: 1.fc41
Summary: Unofficial Bitwarden compatible server
