Vulnerability in Sbabic Swupdate

CVE-2025-41259

SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

Affected products

Sbabic Swupdate — versions 0

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

References

1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a (third-party-advisory)
1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a (patch)
1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a (product)