CVE-2025-53391: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-53391 affects the Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through version zulucrypt6.2.0-1 package. The vulnerability was discovered on June 25, 2025, and stems from insecure PolicyKit allowany/allowinactive/allowactive settings that enable local users to escalate their privileges to root. The issue affects multiple Debian releases including Debian 12 (Bookworm), Debian Trixie, and Debian Sid (Debian Bug, NVD).

The vulnerability exists in a Debian-specific patch that modifies zuluPolkit's default behavior to allow any user to utilize the utility, rather than restricting it to admin users as intended by upstream. zuluPolkit operates using a combination of a UNIX socket and standard input, accepting JSON payloads that can execute privileged commands. The vulnerability has been assigned a CVSS v3.1 base score of 9.3 CRITICAL with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (Wiz, NVD).

The vulnerability allows any local user to escalate their privileges to root access by exploiting zuluPolkit's file manipulation capabilities. An attacker can read and modify sensitive system files, including /etc/shadow, potentially gaining complete control over the affected system. The vulnerability affects all installations where the zulucrypt-gui package is installed (Debian Bug).

The recommended mitigation is to remove the problematic patch that modifies zuluPolkit's PolicyKit configuration. The upstream default behavior of restricting zuluPolkit access to admin users is considered a security feature rather than a bug. System administrators should consider removing or restricting access to the zulucrypt-gui package until a fix is available (Wiz).