CVE-2025-32435

CVSS 3.1 Score 2.6 of 10 (low)

Details

Published Apr 15, 2025
Updated: Apr 16, 2025
CWE ID 95

Summary

CVE-2025-32435 is a vulnerability affecting Hydra, a Continuous Integration service for Nix-based projects. The issue arises when evaluating untrusted non-flake Nix code, which could potentially grant access to secrets accessible by the hydra user/group. It's important to note that this vulnerability does not compromise the signing keys, which are owned by separate users, hydra-queue-runner and hydra-www.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share