Platform
other
Component
tlp
Fixed in
1.9.1
CVE-2025-67859 describes an Improper Authentication vulnerability discovered in TLP, a tool for managing power profiles. This flaw allows local users to arbitrarily control the daemon’s log settings and the power profile in use, potentially leading to system instability or unauthorized access to sensitive information. The vulnerability impacts TLP versions 1.9 through 1.9.1, and a fix is available in version 1.9.1.
The primary impact of CVE-2025-67859 lies in the ability of a local attacker to manipulate TLP's configuration. By exploiting this vulnerability, an attacker could alter the system's power profile, potentially causing performance issues, unexpected shutdowns, or even data loss. Furthermore, the attacker can modify the daemon’s log settings, either hiding their activity or injecting malicious log entries to obscure their actions. This could be used to cover up other malicious activities on the system. The blast radius is limited to the local machine running TLP, but the potential for disruption and data compromise warrants immediate attention.
CVE-2025-67859 was publicly disclosed on 2026-01-14. There is currently no indication of active exploitation or a KEV listing. No public proof-of-concept exploits have been released. The vulnerability's reliance on local access suggests a lower probability of widespread exploitation compared to remotely exploitable vulnerabilities.
Exploit Status
EPSS
0.01% (1% percentile)
CISA SSVC
The recommended mitigation for CVE-2025-67859 is to immediately upgrade TLP to version 1.9.1 or later. If upgrading is not immediately feasible due to compatibility concerns or system downtime requirements, consider restricting access to the TLP configuration files and processes to only authorized users. While a direct WAF or proxy rule is unlikely to be effective for this local vulnerability, auditing TLP’s configuration files for unauthorized modifications can provide an early warning sign of compromise. There are no specific Sigma or YARA patterns available at this time, but monitoring system logs for unusual TLP activity is advised.
Update TLP to version 1.9.1 or higher. This will correct the authentication vulnerability and prevent local users from controlling the power profile and daemon log configuration.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-67859 is a vulnerability in TLP versions 1.9–1.9.1 that allows local users to control power profiles and log settings. Its CVSS severity is pending evaluation.
You are affected if you are running TLP versions 1.9 or 1.9.1. Upgrade to 1.9.1 to mitigate the risk.
Upgrade TLP to version 1.9.1 or later. If upgrading is not possible, restrict access to TLP configuration files.
There is currently no evidence of active exploitation of CVE-2025-67859.
Refer to the TLP project's official website or security mailing list for the advisory related to CVE-2025-67859.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.