Nixpkgs security tracker

Untriaged

Permalink CVE-2025-66164

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months, 4 weeks ago

WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through <= 1.1.1.

References

Affected products

laser

=<<= 1.1.1

Matching in nixpkgs

pkgs.brlaser

CUPS driver for Brother laser printers

nixos-unstable 6.2.7
- nixpkgs-unstable 6.2.7
- nixos-unstable-small 6.2.7
nixos-25.11 6.2.8
- nixpkgs-25.11-darwin 6.2.8

pkgs.dell-530cdn

None

nixos-unstable 5130cdn-Color-Laser-1.3-1
- nixpkgs-unstable 5130cdn-Color-Laser-1.3-1
- nixos-unstable-small 5130cdn-Color-Laser-1.3-1
nixos-25.11 5130cdn-Color-Laser-1.3-1
- nixpkgs-25.11-darwin 5130cdn-Color-Laser-1.3-1

pkgs.ooklaserver

Ookla TCP based server daemon that provides standalone testing

nixos-unstable 2.11.1.2
- nixpkgs-unstable 2.11.1.2
- nixos-unstable-small 2.11.1.2
nixos-25.11 2.11.1.2
- nixpkgs-25.11-darwin 2.11.1.2

pkgs.haskellPackages.lasercutter

A high-powered, single-pass tree parser

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

pkgs.python312Packages.toptica-lasersdk

TOPTICA Python Laser SDK

nixos-unstable 3.3.0
- nixpkgs-unstable 3.3.0
- nixos-unstable-small 3.3.0
nixos-25.11 3.3.0
- nixpkgs-25.11-darwin 3.3.0

pkgs.python313Packages.toptica-lasersdk