
CVE-2025-67859: CWE-287: Improper Authentication in https://github.com/linrunner TLP

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-67859, cve, cve-2025-67859, cwe-287
Published: Wed Jan 14 2026 (01/14/2026, 11:34:12 UTC)
Source: CVE Database V5
Vendor/Project: https://github.com/linrunner
Product: TLP

Description

CVE-2025-67859 is an improper authentication vulnerability in TLP version 1.9 that allows local users to manipulate power profiles and daemon log settings without proper authorization. This flaw arises from insufficient authentication controls, enabling privilege escalation on affected systems. The vulnerability has a medium severity with a CVSS 4.0 base score of 5.1, reflecting limited impact and local attack vector without user interaction. No known exploits are currently reported in the wild. European organizations using TLP for power management on Linux endpoints could face unauthorized configuration changes, potentially impacting system stability and audit logging. Mitigation involves upgrading to TLP version 1.9.

AI-Powered Analysis

Last updated: 01/14/2026, 12:02:03 UTC

Technical Analysis

CVE-2025-67859 is classified under CWE-287 (Improper Authentication) and affects TLP, a popular Linux power management tool hosted on GitHub by the linrunner project. The vulnerability exists in TLP versions from 1.9 up to but not including 1.9.1. It allows local users—without any prior authentication or elevated privileges—to arbitrarily control the power profile currently in use and modify the daemon's logging settings. This improper authentication flaw means that the TLP daemon does not adequately verify the identity or privileges of the user requesting changes, enabling unauthorized configuration manipulation. The attack vector is local (AV:L): the attacker needs local access to the system, but neither privileges (PR:N) nor user interaction (UI:N) are required. The impact on confidentiality, integrity, and availability is limited but notable: unauthorized power profile changes can affect system performance and energy consumption, while log setting modifications can hinder audit and forensic capabilities. The vulnerability does not affect system components beyond TLP and does not require network access or remote exploitation. No public exploits have been reported, and the vendor has reserved the CVE and published the advisory with a medium severity rating (CVSS 5.1). The issue is expected to be fixed in TLP version 1.9.1 or later, although no patch links are currently provided.

Potential Impact

For European organizations, the primary impact of CVE-2025-67859 lies in the potential for local attackers or unauthorized users to alter power management settings and logging configurations on Linux systems running TLP 1.9. This can lead to degraded system performance, increased energy consumption, or reduced system stability if inappropriate power profiles are applied. More critically, manipulation of logging settings can impair the ability to monitor and audit system activities, complicating incident detection and response efforts. While the vulnerability does not allow remote exploitation, environments with shared or multi-user Linux systems—such as development workstations, research labs, or server environments—may be at higher risk. The impact on confidentiality is low, but integrity and availability could be moderately affected due to unauthorized configuration changes. Organizations relying on TLP for power optimization and system monitoring should consider this vulnerability a moderate risk, especially where local user access controls are weak or where compliance requires strict audit trails.

Mitigation Recommendations

1. Upgrade TLP to version 1.9.1 or later as soon as the patch is released to ensure the authentication flaw is corrected.
2. Restrict local user access on Linux systems running TLP to trusted personnel only, minimizing the risk of unauthorized configuration changes.
3. Implement strict file system permissions and access controls on TLP configuration files and daemon interfaces to prevent unauthorized modifications.
4. Monitor system logs and power profile changes for unusual activity that could indicate exploitation attempts.
5. Use Linux security modules (e.g., SELinux, AppArmor) to enforce additional access restrictions on TLP processes and configuration files.
6. Incorporate TLP configuration and log integrity checks into regular security audits and endpoint monitoring.
7. Educate system administrators and users about the risks of local privilege escalation and the importance of maintaining strict local access controls.

Technical Details

Data Version: 5.2
Assigner Short Name: suse
Date Reserved: 2025-12-12T14:23:59.780Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 696782608330e06716f2b246

Added to database: 1/14/2026, 11:47:44 AM

Last enriched: 1/14/2026, 12:02:03 PM

Last updated: 1/14/2026, 1:03:47 PM
