
CERT Coordination Center

Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation

Vulnerability Note VU#553375

Original Release Date: 2025-11-11 | Last Revised: 2025-11-11

Overview

Wolfram Cloud version 14.2 allows the Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment, which may result in privilege escalation, information exfiltration, and remote code execution. Within the same cloud instance, the temporary directories of other users may be accessible.

Description

Wolfram Cloud is a multi-tenant cloud platform that provides a virtual "notebook" interface for easier programming and access to tools for quickly building and publishing integrated applications. In this architecture, the instance kernel's /tmp/ directory is shared among tenants, with access controlled by file permissions. Apart from the JVM initialization file, these temporary directories usually do not contain sensitive information. A newly discovered race condition allows attackers to poison the classpath via the shared /tmp/ directory during JVM initialization. If an attacker can approximate when other users will launch the JVM, access to an unprotected temporary directory may succeed. The cause lies in how the hosting platform's virtual environment manages access to temporary files in a multi-tenant cloud environment. A successful attack gives the attacker access to the temporary directories of other users.
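As an added illustration (not part of this CERT/CC note and not Wolfram's fix), the POSIX shell functions below show the kind of pre-launch check a deployment can run so that a JVM never initializes against a shared, world-writable temporary directory: verify that the directory is owned by the current user and carries no group or other write bits, and otherwise create a private mode-0700 directory to hand to the JVM through the standard -Djava.io.tmpdir system property. The function names, the GNU/BSD stat fallback, and the directory naming are assumptions made for this example; nothing here is specific to Wolfram Cloud's internals.

```shell
#!/bin/sh
# Added example, not code from the CERT/CC note or from Wolfram.
# Checks whether a temporary directory is private to the calling user and
# creates a private one for the JVM when it is not.

# tmpdir_is_private DIR
#   returns 0 when DIR is a directory owned by the current user with no
#   group/other write permission, 1 otherwise (e.g. a 1777 shared /tmp).
tmpdir_is_private() {
    dir=$1
    [ -d "$dir" ] || return 1
    # GNU stat first; fall back to BSD stat syntax (assumption: one of the two exists).
    owner=$(stat -c '%u' "$dir" 2>/dev/null || stat -f '%u' "$dir")
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%OLp' "$dir")
    [ "$owner" = "$(id -u)" ] || return 1
    # Octal mode string such as 700 or 1777: last digit is "other", the one
    # before it is "group". Digits 2, 3, 6 and 7 carry the write bit.
    others=${mode#"${mode%?}"}
    rest=${mode%?}
    group=${rest#"${rest%?}"}
    case "$group$others" in
        *[2367]*) return 1 ;;
    esac
    return 0
}

# make_private_jvm_tmpdir
#   creates a fresh mode-0700 directory under ${TMPDIR:-/tmp} for this user
#   and prints its path. mktemp -d already creates it non-shared; chmod 700
#   makes the intent explicit.
make_private_jvm_tmpdir() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/jvm-$(id -u)-XXXXXX") || return 1
    chmod 700 "$d" || return 1
    printf '%s\n' "$d"
}

# jvm_tmpdir_flag DIR
#   prints the JVM system-property flag that moves java.io.tmpdir to DIR.
jvm_tmpdir_flag() {
    printf -- '-Djava.io.tmpdir=%s\n' "$1"
}

# Usage (example): pick a private directory and launch with it.
#   t=${JVM_TMP:-/tmp}
#   tmpdir_is_private "$t" || t=$(make_private_jvm_tmpdir)
#   java "$(jvm_tmpdir_flag "$t")" -jar app.jar
```

The check is deliberately conservative: a directory that is owned by the user but group-writable is rejected, because any other member of that group could plant files in it between the time the JVM resolves its temporary paths and the time it reads them, which is the window the race condition above depends on.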

Impact

An attacker that accesses the shared /tmp/ directory of the instance can potentially achieve privilege escalation, information exfiltration, and remote code execution. This constitutes a Technical Impact = Total under the SSVC framework, meaning:

The vulnerability gives the adversary total control over the behavior of the software or total disclosure of all information on the affected system.

Solution

The CERT/CC recommends updating Wolfram Cloud to version 14.2.1.

Acknowledgements

Thanks to the reporter Peter Roberge from Pointer Cybersecurity. This document was written by Laurie Tyzenhaus and Renae Metcalf.

Vendor Information


Wolfram Research Inc. Affected

Notified: 2025-06-20 | Updated: 2025-11-11

Statement Date: July 29, 2025

CVE-2025-11919 Affected

Vendor Statement

The vulnerability, as originally reported, has been patched, to the best of our knowledge.


Other Information

CVE IDs: CVE-2025-11919
API URL: VINCE JSON | CSAF
Date Public: 2025-11-11
Date First Published: 2025-11-11
Date Last Updated: 2025-11-11 22:09 UTC
Document Revision: 1

Sponsored by CISA.