CVE-2025-66005 in inputplumber

Summary

by MITRE • 01/14/2026

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.


Analysis

by VulDB Data Team • 01/14/2026

CVE-2025-66005 is a critical authorization flaw in the D-Bus interface of InputPlumber. It affects versions before v0.63.0 and stems from access controls that do not validate the caller's permissions before granting access to the InputManager D-Bus interface. InputPlumber is the central service for managing input devices in a desktop environment, which makes it an attractive target. Because the D-Bus interface performs no authorization check, any local process can interact with input-device management functions without its user context ever being validated.

Technically, the flaw is a failure to enforce access controls in the D-Bus communication layer: local processes can invoke methods on the InputManager interface without any authentication or authorization. The affected interface handles input-device configuration and management, so any local user or process can potentially manipulate input-device behavior, read sensitive input data, or disrupt normal operation of the input system. The weakness is classified as CWE-284 (Improper Access Control), a classic case of insufficient privilege checking in a system service.

The operational impact spans several security domains: denial of service, information disclosure, and potential privilege escalation within the active user session. An attacker could disrupt input-device functionality, causing instability or a complete loss of input for the current user. The information-leak aspect arises from exposure of input data or device-state information that should remain protected. More critically, privilege escalation becomes possible when the InputPlumber service runs with elevated privileges or when manipulation of input devices can be leveraged to gain broader system access. The issue is most relevant in desktop environments where InputPlumber manages keyboard, mouse, and other input-device configurations, since that is where an attacker could tamper with user sessions.

From a threat-modeling perspective, the vulnerability maps to several ATT&CK techniques, including privilege escalation through service manipulation and defense evasion through tampering with system components. The attack surface is particularly concerning in multi-user environments, where local privilege escalation could give an attacker access to other user sessions or system resources. Because no authorization is checked, even processes running with ordinary user privileges could potentially perform actions that should be restricted to administrators or privileged services. Organizations running affected versions of InputPlumber should update to version 0.63.0 or later, add access controls through D-Bus policy files, and monitor for unauthorized access attempts against the InputManager interface. The case underlines the importance of enforcing authorization in system services and of security-testing inter-process communication mechanisms thoroughly.
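As an added illustration of the policy-file mitigation mentioned above (not a file shipped by InputPlumber or provided by VulDB), a system-bus policy for /etc/dbus-1/system.d/ that denies calls to the manager by default and allows them only for root and one group; the bus name, interface name and the "input" group are assumptions to be checked against the service file the distribution ships.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Weak shape (illustrative, not InputPlumber's own file): every local uid
       may call every method on the manager, which is the exposure described
       for CVE-2025-66005. Kept commented out so this file does not grant it. -->
  <!--
  <policy context="default">
    <allow send_destination="org.shadowblip.InputPlumber"/>
  </policy>
  -->

  <!-- Hardened shape. D-Bus applies "default" policies first, then group and
       user policies, and the later, more specific rule wins. Bus and interface
       names below are assumed; verify them against the installed service. -->
  <policy user="root">
    <allow own="org.shadowblip.InputPlumber"/>
    <allow send_destination="org.shadowblip.InputPlumber"/>
  </policy>

  <!-- Assumed group of accounts permitted to manage input devices. -->
  <policy group="input">
    <allow send_destination="org.shadowblip.InputPlumber"
           send_interface="org.shadowblip.InputManager"/>
  </policy>

  <policy context="default">
    <!-- Deny everything to the service by default, then re-open only
         read-only introspection and property reads. -->
    <deny send_destination="org.shadowblip.InputPlumber"/>
    <allow send_destination="org.shadowblip.InputPlumber"
           send_interface="org.freedesktop.DBus.Introspectable"/>
    <allow send_destination="org.shadowblip.InputPlumber"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
  </policy>
</busconfig>
```

A bus policy can only distinguish callers by uid and group; it cannot tell whether a caller belongs to the currently active session, so it narrows the exposed surface but does not replace authorization inside the service itself. Rejected calls surface as org.freedesktop.DBus.Error.AccessDenied in the daemon's log, which is the signal to watch for the monitoring step above.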

Responsible: SUSE
Reservation: 11/19/2025
Disclosure: 01/14/2026
Moderation: accepted
CPE: ready
EPSS: 0.00009
KEV: no
Activities: very low
