CVE-2025-32435
CVSS 3.1 Score 2.6 of 10 (low)
Details
Published Apr 15, 2025
Updated: Apr 16, 2025
CWE ID 95
Summary
CVE-2025-32435 is a vulnerability affecting Hydra, a Continuous Integration service for Nix-based projects. The issue arises when evaluating untrusted non-flake Nix code, which could potentially grant access to secrets accessible by the hydra user/group. It's important to note that this vulnerability does not compromise the signing keys, which are owned by separate users, hydra-queue-runner and hydra-www.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.