CVE-2025-67859

Published: Jan 14, 2026

Modified: Jan 14, 2026

PUBLISHED

Description

A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1.

Vendor	Product	Versions
https://github.com/linrunner	TLP	affected `1.9 - < 1.9.1`

Weaknesses (CWE)

CWE-287

References

https://security.opensuse.org/2026/01/07/tlp-polkit-authentication-bypass.html

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67859

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-67859

Description

Affected Products

Weaknesses (CWE)

References