What is GHSA-pmf3-4g49-qvxm?

GHSA-pmf3-4g49-qvxm is a security advisory published by GitHub Security Advisories with High severity. SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that...

Which CVE IDs does GHSA-pmf3-4g49-qvxm cover?

GHSA-pmf3-4g49-qvxm covers the following CVE IDs: CVE-2025-41259. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-pmf3-4g49-qvxmHigh

SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that...

Vendor

GitHub Security Advisories

Published

June 3, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2025-41259 →

📋 Description

SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2025-41259
https://github.com/sbabic/swupdate/commit/f4bd64260e233e207354d68d572b1cbc3e63689d
https://github.com/sbabic/swupdate
https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251206-01_SWUpdate_Untrusted_Script_Execution_via_Signed_Update_TOCTOU
https://github.com/advisories/GHSA-pmf3-4g49-qvxm