FlightGear
Moderate fix1 remedy
cpe:2.3:a:flightgear:flightgear:*:*:*:*:*:*:*
Moderate fix1 remedy
FlightGear and SimGear Sandboxing Bypass Vulnerability Allowing Arbitrary File Write
Vulnerability
Patched
A vulnerability exists in both FlightGear and SimGear that allows an attacker to bypass the sandboxing of Nasal scripts. This exploitation enables arbitrary writing to any file path that the user is permitted to modify at the operating system level.
Impact
Exploitation of this vulnerability could lead to unauthorized file modifications, potentially allowing for the introduction of malicious scripts or data that could be used to compromise the application or the user's system.
Reproduction
The vulnerability can be reproduced by creating a Nasal script that attempts to write to a file. The script can bypass the normal restrictions and write to any file path the user has permission to modify.
Remediation
Users can upgrade to FlightGear version 1:2020.3.6+dfsg-1+deb11u1 or SimGear version 1:2020.3.6+dfsg-1+deb11u1 to address this vulnerability.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
5.0exploitability
4.3remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.