Vulnerability DatabaseCVE-2025-8614

CVE-2025-8614:
Homebrew vulnerability analysis and mitigation

Overview

NoMachine contains an uncontrolled search path element vulnerability (CVE-2025-8614) that allows local privilege escalation. The vulnerability was discovered on April 25, 2025, and publicly disclosed on August 13, 2025. This security flaw affects NoMachine installations across multiple versions including versions up to 8.17.2 and versions from 9.0 up to 9.1.24 (Zero Day Initiative, NVD).

Technical details

The vulnerability exists within the configuration of OpenSSL in NoMachine. Specifically, the product loads an OpenSSL configuration file from an unsecured location, creating a security weakness classified as CWE-427 (Uncontrolled Search Path Element). The vulnerability has been assigned a CVSS v3.0 score of 7.8 (High) with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Zero Day Initiative).

Impact

When successfully exploited, this vulnerability enables attackers to escalate privileges and execute arbitrary code in the context of the service account. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (NVD).

Mitigation and workarounds

NoMachine has released an update to address this vulnerability. Users are advised to upgrade to the patched version as detailed in the vendor's knowledge base article (NoMachine KB).

Additional resources

Source: This report was generated using AI

Related Homebrew vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-57052	CRITICAL	9.8	NixOS	cjson	No	Yes	Sep 03, 2025
CVE-2025-8614	HIGH	7.8	Homebrew	cpe:2.3:a:nomachine:nomachine	No	Yes	Sep 02, 2025
CVE-2025-9784	HIGH	7.5	Java	pki-resteasy	No	No	Sep 02, 2025
CVE-2025-51966	MEDIUM	6.1	Homebrew	utools	No	No	Sep 02, 2025
CVE-2025-9732	MEDIUM	4.8	NixOS	dcmtk	No	No	Aug 31, 2025