Auth bypass in Https://github.com/shadowblip Inputplumber
CVE-2025-66005
Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.
Vulnerability class: Broken Access Control
EPSS: 0.002 (10.0th percentile) — read the EPSS interpretation.
Affected products
- Https://github.com/shadowblip Inputplumber — versions ?