Auth bypass in Https://github.com/shadowblip Inputplumber

CVE-2025-66005

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.

Vulnerability class: Broken Access Control

EPSS: 0.002 (10.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References