CVE-2025-61035: n/a
seffaflik through 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions on the .kimlik and .seffaflik files, which are created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink checks, allowing local attackers to overwrite arbitrary files. This can result in information disclosure and denial of service.
AI Analysis
Technical Summary
CVE-2025-61035 covers seffaflik up to and including version 0.0.9 and combines two file-handling defects. First, the tool creates two files, .kimlik and .seffaflik, with modes 0777 and 0775 respectively. Mode 0777 lets every local user read and write .kimlik; mode 0775 lets every local user read .seffaflik and lets the file's group write it. The execute bits are meaningless on data files, but their presence shows the modes are set deliberately rather than derived from a normal umask (a default umask of 022 would yield 0644). Since .kimlik holds credentials, any account on the host can read the secrets, and any account can also tamper with what the tool reads back. Second, .kimlik is written without symlink checks: if an attacker can place a symbolic link at the path where .kimlik will be written (a world-writable or shared directory, or the working directory of a shared account), the write follows the link and overwrites the target with the privileges of the user running seffaflik. That is an arbitrary file overwrite, hence denial of service by corrupting configuration or other files, and it becomes privilege escalation only where seffaflik itself runs as a privileged user. The record is classified CWE-276 (Incorrect Default Permissions); the symlink-following write itself corresponds to CWE-59 (Improper Link Resolution Before File Access), although the record lists only CWE-276. The CVE record carries no CVSS vector (the Technical Details below show Cvss Version: null); the 7.7 (High) figure is this analysis's own scoring with vector AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. Two components of that vector deserve scrutiny: the attack requires a local account, which CVSS v3.1 normally scores as PR:L rather than PR:N, and C:N contradicts the secret exposure in the description, which argues for C:H. The vector consistent with the description, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, scores 7.8 and is still rated High. No known exploits are reported, and no patch link is attached to the record, so administrators should mitigate rather than wait for a fix.
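To make the two defects concrete, here is an added example, not seffaflik's code (the page does not show the tool's implementation or language; Python is used here as a generic illustration), that reproduces the insecure pattern in a scratch directory and contrasts it with a hardened write. The file name .kimlik comes from the advisory; the secret contents, the victim file and the helper names are constructed for the demonstration.

```python
"""Added example (not seffaflik's code): the insecure write described in the
advisory next to a hardened replacement, exercised against a planted symlink."""
import os
import stat
import tempfile

# Constructed sample secret; the real .kimlik format is not described on the page.
SAMPLE_SECRET = "username=demo\npassword=not-a-real-password\n"


def vulnerable_write(path, data):
    """The pattern the advisory describes: open() follows whatever symlink sits
    at `path`, and an explicit chmod then makes the result 0777 (chmod follows
    the link too, so the *target* ends up world-readable and world-writable)."""
    with open(path, "w") as fh:
        fh.write(data)
    os.chmod(path, 0o777)


def safe_write(path, data):
    """Hardened pattern: create a sibling temp file with O_CREAT|O_EXCL|O_NOFOLLOW
    (fails if anything, including a symlink, already sits there) at mode 0600,
    then rename() it over `path`. rename() replaces the directory entry without
    following a symlink at the destination, so a planted link is discarded
    rather than followed."""
    tmp_path = path + ".tmp"
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(tmp_path, flags, 0o600)  # raises FileExistsError on a planted entry
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.rename(tmp_path, path)
    except BaseException:
        if os.path.lexists(tmp_path):
            os.unlink(tmp_path)
        raise


def demo():
    """Plant a symlink named .kimlik pointing at an unrelated file, run both
    writers against it, and report what happened to the symlink's target."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")   # stands in for any file the attacker wants clobbered
        link = os.path.join(d, ".kimlik")

        def reset_victim():
            with open(victim, "w") as fh:
                fh.write("original contents\n")
            os.chmod(victim, 0o644)

        reset_victim()
        os.symlink(victim, link)                  # attacker plants the link before the tool runs

        vulnerable_write(link, SAMPLE_SECRET)
        with open(victim) as fh:
            result["vuln_target_overwritten"] = fh.read() == SAMPLE_SECRET
        result["vuln_target_mode"] = stat.S_IMODE(os.stat(victim).st_mode)

        reset_victim()
        safe_write(link, SAMPLE_SECRET)
        with open(victim) as fh:
            result["safe_target_untouched"] = fh.read() == "original contents\n"
        result["safe_is_symlink"] = os.path.islink(link)
        result["safe_mode"] = stat.S_IMODE(os.stat(link).st_mode)

        os.symlink(victim, link + ".tmp")         # attacker pre-plants the temp name instead
        try:
            safe_write(link, SAMPLE_SECRET)
            result["tmp_symlink_rejected"] = False
        except FileExistsError:
            result["tmp_symlink_rejected"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        shown = oct(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key}: {shown}")
```

The hardened version fails closed: if anything already occupies the temporary name it raises instead of writing, and the final rename() discards a planted symlink rather than following it. It only defends the write path itself; if the containing directory is writable by other local users, the right fix is to run the tool from a directory that is not.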
Potential Impact
For European organizations the risk concentrates on multi-user hosts running seffaflik: shared servers, jump hosts, CI runners and developer workstations with more than one local account. Two outcomes follow directly from the description. A world-readable .kimlik hands every local account the stored credentials, so the blast radius is whatever those credentials unlock, which extends beyond the host if they are reused elsewhere; and the symlink-following write lets a local attacker who can plant a link in the directory where .kimlik is written corrupt files owned by the user running the tool, causing denial of service or, where the tool runs under a privileged account, worse. Because .kimlik is also world-writable, any local user can alter its contents, so a victim's next run can be made to use attacker-controlled data. Sectors with strict data-protection obligations (finance, healthcare, government) face compliance exposure if the disclosed credentials protect regulated data. The local attack vector rules out direct remote exploitation, but any foothold that yields a low-privileged shell on the host is sufficient, and no tooling beyond standard shell commands is required. No in-the-wild exploitation is reported at the time of writing; given how simple the attack is, that should not be relied on.
Mitigation Recommendations
Audit every host running seffaflik for .kimlik and .seffaflik in users' home and working directories, confirm with ls -l or stat that neither entry is a symlink, and chmod them to 0600 (0640 only if a specific group genuinely needs read access). Because the tool sets these modes itself, a one-off chmod is undone the next time the file is rewritten, so re-check after each run; a restrictive umask for the account running the tool helps only if the mode comes from the umask rather than an explicit chmod. Run seffaflik from a directory that no other local user can write to, which removes the attacker's ability to pre-plant a symlink at the write path. On Linux, keep the sysctl fs.protected_symlinks set to 1 (the default on most systemd-based distributions); it blocks following a symlink in a world-writable sticky directory such as /tmp when the link's owner differs from the follower and the directory owner. The nosymfollow mount option (Linux 5.10 and later) can disable symlink following on a mount the tool writes to, and AppArmor or SELinux profiles can confine which paths the tool may write at all; there is no mount option named 'nofollow'. On shared hosts, run the tool under a dedicated account with its own home directory rather than a shared or privileged user. Monitor for symlink creation and mode changes on these file names (for example auditctl -w on the paths with -p wa, or an inotify watcher) and for reads of .kimlik by accounts other than its owner. Track the upstream project for a fixed release (none is linked from the record) that creates the files with 0600 and writes them through a non-following open. Until then, treat the credentials stored in .kimlik as exposed on any host with untrusted local users, and rotate them after tightening the permissions.
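As an added example, not seffaflik's code or an official tool, here is the audit step above in Python: it reports .kimlik and .seffaflik entries that are symlinks or carry any group/other permission bits, tightens regular files to 0600 through a file descriptor opened without following links, and deliberately leaves symlinks for manual review. The home-directory tree it scans, and the file names below the two from the advisory, are constructed inline.

```python
"""Added example (not seffaflik's code): find .kimlik / .seffaflik entries that
are symlinks or readable/writable by other users, and tighten the regular
files to 0600 without ever following a link."""
import os
import stat
import tempfile

TARGET_NAMES = {".kimlik", ".seffaflik"}   # file names from the advisory
SAFE_MODE = 0o600                           # owner read/write only
GROUP_OTHER_BITS = 0o077                    # any of these set => exposed to other users


def audit(root):
    """Walk `root` and report every .kimlik/.seffaflik entry that is a symlink
    or grants any permission to group/other. lstat() inspects the entry itself,
    so a planted symlink is reported, never followed."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:        # a symlink to a directory shows up in dirnames
            if name not in TARGET_NAMES:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            is_link = stat.S_ISLNK(st.st_mode)
            if is_link or mode & GROUP_OTHER_BITS:
                findings.append({"path": path, "mode": mode, "symlink": is_link, "uid": st.st_uid})
    return sorted(findings, key=lambda f: f["path"])


def remediate(findings, dry_run=True):
    """Tighten regular files to 0600 via an fd opened with O_NOFOLLOW, so the
    file cannot be swapped for a symlink between audit and chmod. Symlinks are
    left for a human: the fix there is deleting the link and asking why it
    exists, not chmod'ing whatever it points to."""
    actions = []
    for f in findings:
        if f["symlink"]:
            actions.append(f"MANUAL {f['path']}: symlink, remove and investigate")
            continue
        actions.append(f"chmod 600 {f['path']} (was {oct(f['mode'])})")
        if not dry_run:
            fd = os.open(f["path"], os.O_RDONLY | os.O_NOFOLLOW)
            try:
                os.fchmod(fd, SAFE_MODE)
            finally:
                os.close(fd)
    return actions


def demo():
    """Constructed home-directory tree: two over-permissive files, one planted
    symlink, one already-correct file. Returns counts and modes before/after."""
    result = {}
    with tempfile.TemporaryDirectory() as root:
        def make(relpath, mode):
            path = os.path.join(root, relpath)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed\n")
            os.chmod(path, mode)
            return path

        alice_kimlik = make("alice/.kimlik", 0o777)      # the advisory's mode for .kimlik
        alice_seff = make("alice/.seffaflik", 0o775)     # the advisory's mode for .seffaflik
        make("carol/.kimlik", 0o600)                     # already correct, must not be reported
        target = make("shared/notes.txt", 0o644)         # what the planted link points at
        os.makedirs(os.path.join(root, "bob"))
        os.symlink(target, os.path.join(root, "bob", ".kimlik"))

        before = audit(root)
        result["findings_before"] = len(before)
        actions = remediate(before, dry_run=False)
        result["manual_count"] = sum(a.startswith("MANUAL") for a in actions)
        result["alice_kimlik_mode_after"] = stat.S_IMODE(os.stat(alice_kimlik).st_mode)
        result["alice_seffaflik_mode_after"] = stat.S_IMODE(os.stat(alice_seff).st_mode)
        result["findings_after"] = len(audit(root))       # only the symlink should remain
        result["target_mode_after"] = stat.S_IMODE(os.stat(target).st_mode)  # link was never followed
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {oct(value) if key.endswith('_after') and 'findings' not in key else value}")
```

Run audit() against /home (or wherever the tool's working directories live) as a user able to read those directories, review the dry-run actions, then rerun remediate() with dry_run=False; changing the mode of files owned by other users requires root.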
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null (no CVSS vector is attached to the CVE record)
- State: PUBLISHED
Threat ID: 68f8e49237b5c18bc820c5c5
Added to database: 10/22/2025, 2:05:06 PM
Last enriched: 10/29/2025, 2:53:56 PM
Last updated: 10/30/2025, 1:02:34 PM
Views: 27