CVE-2025-43791: 
Java vulnerability analysis and mitigation

RequestStore version 1.3.2, published in 2017, contains a critical file permission vulnerability identified as CVE-2024-43791. The vulnerability was discovered on August 23, 2024, and last updated on July 11, 2025. The issue has been assigned a CVSS 3.1 score of 7.8 (High), affecting multiple Ubuntu releases including versions 25.04, 24.10, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS (Ubuntu Security).

The vulnerability stems from files published as part of request_store 1.3.2 having 0666 permissions, making them world-writable. This misconfiguration allows local users to execute arbitrary code on the affected systems. The vulnerability has been assessed with a CVSS 3.1 Base Score of 7.8, characterized by Local attack vector, Low attack complexity, Low privileges required, No user interaction needed, Unchanged scope, and High impact on confidentiality, integrity, and availability (Ubuntu Security).

The vulnerability can lead to arbitrary code execution by local users due to world-writable file permissions. However, the actual impact is considered limited as most production environments restrict local user access, and the majority of users are expected to have upgraded from the affected version (Ubuntu Security).

The primary mitigation is to upgrade from RequestStore version 1.3.2 to a newer version. For Ubuntu systems, the vulnerability is currently under evaluation for various Ubuntu releases, including the latest LTS versions (Ubuntu Security).