CVE-2025-23394— daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root

EPSS 0.71% · P72 Updated May 27, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-23394

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root

Source: NVD (National Vulnerability Database)

Vulnerability Description

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

CWE-61

Source: NVD (National Vulnerability Database)

Vulnerability Title

openSUSE Tumbleweed cyrus-imapd 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

openSUSE Tumbleweed cyrus-imapd是德国openSUSE开源的一个高度可扩展的企业邮件系统，采用基于标准的技术，专为各种规模的企业环境而设计。 openSUSE Tumbleweed cyrus-imapd 3.8.4-2.1之前版本存在安全漏洞，该漏洞源于符号链接跟随问题，可能导致权限提升。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SUSE	openSUSE Tumbleweed	? ~ 3.8.4-2.1	-

II. Public POCs for CVE-2025-23394

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-23394

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-23394

Same Patch Batch · SUSE · 2025-05-26 · 3 CVEs total

CVE-2025-46802	6.0 MEDIUM	Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen
CVE-2025-23392	5.2 MEDIUM	Reflected XSS in SystemsController.java in spacewalk-java

IV. Related Vulnerabilities

Same product: openSUSE Tumbleweed

Same vendor: SUSE

Same weakness: CWE-61

V. Comments for CVE-2025-23394

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-23394— daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root

I. Basic Information for CVE-2025-23394

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-23394

III. Intelligence Information for CVE-2025-23394

Same Patch Batch · SUSE · 2025-05-26 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-23394

Leave a comment