Critical Vulnerability Information

CVE ID: CVE-2025-5791
Impact Level: Important
CVSS v3 Score: 7.1

Description

A vulnerability has been discovered in Rust that allows privilege escalation. When a user or process has a group list with fewer than exactly 1024 groups, it can lead to an incorrect inclusion of the root group in access_key.

Affected Packages and Published Red Hat Security Advisories

- Red Hat Enterprise Linux 8: rust-sel-key-ds
- Red Hat Enterprise Linux 8: rust-afterburn
- Red Hat OpenShift Container Platform 4: kata-containers
- Red Hat OpenShift Container Platform 4: rust-afterburn
- Red Hat Trusted Profile Analyzer: rhcos/https-certification-service-rhds

CVSS v3 Score Details

Attack Vector: Local
Attack Complexity: Low
Required Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Frequently Asked Questions

- Why does Red Hat's CVSS v3 score differ from other vendors'?
- My product is listed as "under investigation" or "affected"—when will Red Hat release a fix?
- If my product is listed as "will not be fixed," what should I do?
- If my product is listed as "fix delayed," what should I do?
- What are mitigations?
- I have a Red Hat product, but it is not listed above—am I affected?
- Why does my security scanner report this vulnerability in my product, even though my product version is patched or unaffected?

External References

- https://www.cve.org/CVERecord?id=CVE-2025-5791
- https://src.fedoraproject.org/rpms/rust/c/raw/master/f/CVE-2025-5791.patch
- https://github.com/rust-lang/rust/issues/444
- https://rustsec.org/advisories/RUSTSEC-2025-0042.html