{"vulnerability": "cve-2025-23222", "sightings": [{"uuid": "daec76d0-278e-4dd7-9255-298485e4a4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "MISP/f7787455-9994-4047-b6f7-77347597c104", "content": "", "creation_timestamp": "2025-08-26T18:36:20.000000Z"}, {"uuid": "81b6b5a0-175c-4a5f-8459-793cf2f650c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/16311", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23222 - Deepin dde-api-proxy Root Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-23222 \nPublished : Jan. 24, 2025, 5:15 p.m. | 44\u00a0minutes ago \nDescription : An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T19:25:40.000000Z"}, {"uuid": "a2ec93b5-c1ad-44c3-8530-2a1ea769dc97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2935", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23222\n\ud83d\udd39 Description: An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges.\n\ud83d\udccf Published: 2025-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T16:58:18.102Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=1229918\n2. https://www.openwall.com/lists/oss-security/2025/01/24/3\n3. https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html", "creation_timestamp": "2025-01-24T17:04:47.000000Z"}, {"uuid": "41d40c02-9686-4bb3-978a-ee2bd120a0b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113884397944832603", "content": "", "creation_timestamp": "2025-01-24T17:00:06.205181Z"}, {"uuid": "c5564d74-a47c-4b43-9f7c-5cdcb5d683f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgnykdzmzb25", "content": "", "creation_timestamp": "2025-01-26T17:52:47.313411Z"}, {"uuid": "7ddb7384-65a8-4f3d-98e5-72e6b1ab644f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lq2gykpbkz2g", "content": "", "creation_timestamp": "2025-05-26T05:29:58.255979Z"}, {"uuid": "e2eb80a3-34ad-4990-a9d8-040b2477e6f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lgxcn7args2j", "content": "", "creation_timestamp": "2025-01-30T10:47:20.916448Z"}, {"uuid": "1270340b-f1a8-40b8-adc5-2884e6dc6fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lho4lfycgi2q", "content": "", "creation_timestamp": "2025-02-08T12:30:10.135032Z"}, {"uuid": "c49cc6d9-f64c-4d73-8c58-71897b620898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11762", "content": "#Threat_Research\n1. dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222)\nhttps://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html\n2. Exploring Recent CVEs in HPE Insight Remote Support\nhttps://www.pwnfuzz.com/posts/hpe-irs-cve-deep-dive", "creation_timestamp": "2025-02-02T01:23:28.000000Z"}, {"uuid": "608860cd-d0e0-4f68-b97e-b7817889339d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113884588460255457", "content": "", "creation_timestamp": "2025-01-24T17:48:33.874944Z"}]}