Accueil / Bulletins / Security Bulletin 25B36541

Security Bulletin 25B36541

File of a ZED Linux or macOS container opened in a multi user environment can be accessed by an unauthorized local user.

Medium

Security Bulletin 25B36541
24/11/2025

TITLE

File of a ZED Linux or macOS container opened in a multi user environment can be accessed by an unauthorized local user.

SUMMARY

When a file is opened and modified via the ZED! GUI, permissive permissions allow another local user to access the file in unencrypted form. Windows versions, which include all the certified and ANSSI qualified versions, are not impacted.

CVSS SCORE: BASE 5.5 MEDIUM

  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges required (PR): Low (L)
  • User interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)

DETAILS

CVEID: Waiting for CVE reference.

AFFECTED PRODUCTS AND VERSIONS

  • ZED! Entreprise for Linux (Ubuntu 22.04) version prior to 2025.1.11
  • ZED! Entreprise for Linux (CentOS 7.0) version prior to 2023.5.4
  • ZED! Entreprise for macOS version prior to 2024.4 b7
  • ZEDPRO for Linux (Ubuntu 22.04) version prior to 2025.1.11
  • ZEDPRO for Linux (CentOS 7.0) version prior to 2023.5.4
  • ZEDPRO for macOS version prior to 2024.4 b7
  • ZEDFREE for Linux (Ubuntu 22.04) version prior to 2025.1.11
  • ZEDFREE for Linux (CentOS 7.0) version prior to 2023.5.4
  • ZEDFREE for macOS version prior to 2024.4 b7

SOLUTIONS AND RECOMMENDATIONS

Depending on your solution, upgrade to one of the following versions:

  • ZED! Entreprise for Linux (Ubuntu 24.04) minimal version 2025.1.14
  • ZED! Entreprise for Linux (CentOS 7.0) minimal version 2023.5.5
  • ZED! Entreprise for macOS minimal version 2024.4 b18
  • ZEDPRO for Linux (Ubuntu 24.04) minimal version 2025.1.14
  • ZEDPRO for Linux (CentOS 7.0) minimal version 2023.5.5
  • ZEDPRO for macOS minimal version 2024.4 b18
  • ZEDFREE for Linux (Ubuntu 24.04) minimal version 2025.1.14
  • ZEDFREE for Linux (CentOS 7.0) minimal version 2023.5.5
  • ZEDFREE for macOS minimal version 2024.4 b18

For more information, contact support@primx.eu

ACKNOWLEDGEMENTS

Mickaël KARATEKIN from SYSDREAM