CVE-2025-27148

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 25, 2025
CWE ID 378
CWE ID 379

Summary

CVE-2025-27148 is a local privilege escalation vulnerability affecting the Gradle build automation tool on Unix-like systems. The native-platform tool, which provides Java bindings for native APIs, initializes a library in the system temporary directory, which can have open permissions, leaving the files placed there susceptible to deletion and recreation by unprivileged users. This can lead to a privilege escalation attack.

Prior to version 0.22-milestone-28, the net.rubygrapefruit:native-platform library did not enforce mandatory initialization, which allowed the library to use the system temporary directory for initialization. The issue affected Gradle 8.12, where a specific code path initialized the native library through the default path and copied the binaries to the system temporary directory. The only workaround was to perform a proper initialization using a safe location. Version 0.22-milestone-28 and subsequent releases address the issue by enforcing mandatory initialization and no longer using the system temporary directory for library initialization.

Users can mitigate the risk by setting the "sticky" bit on the system temporary directory, which limits file deletion to the original user or root, or by moving the Java temporary directory to a location with restricted permissions. Upgrading to the latest Gradle release is recommended, as outdated versions remain vulnerable.
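The two mitigations above can be checked on a build host with a short script. This is an added example, not code from the advisory, Gradle or native-platform; the function name tmpdir_status is hypothetical, and /tmp is assumed as the default directory when no path is given (pass the value of java.io.tmpdir if it has been moved).

```shell
#!/bin/sh
# Added example: classify a temporary directory against the mitigations
# described in the summary. tmpdir_status is a hypothetical helper name.
#
# Prints one of:
#   restricted  not writable by group or others (a relocated Java temp dir)
#   sticky      writable by others, but the sticky bit limits deletion
#   open        writable by others with no sticky bit: files placed here can
#               be deleted and recreated by another local user
#   missing     the path is not a directory
tmpdir_status() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi

    # The first 10 characters of `ls -ld` are the type and permission string,
    # e.g. "drwxrwxrwt". This avoids GNU/BSD differences in stat(1).
    mode=$(ls -ld "$dir" | cut -c1-10)
    group_w=$(printf '%s' "$mode" | cut -c6)   # group write bit
    other_w=$(printf '%s' "$mode" | cut -c9)   # others write bit
    sticky=$(printf '%s' "$mode" | cut -c10)   # 't' or 'T' when sticky is set

    if [ "$group_w" != "w" ] && [ "$other_w" != "w" ]; then
        echo "restricted"
        return 0
    fi

    case $sticky in
        t|T) echo "sticky" ;;
        *)   echo "open" ;;
    esac
    return 0
}

# Check the directories given as arguments; /tmp is an assumed default.
[ "$#" -gt 0 ] || set -- /tmp
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(tmpdir_status "$d")"
done
```

A result of "open" means neither mitigation is in place for that directory; the check does not replace upgrading Gradle.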
