CVE-2025-53882

Name	CVE-2025-53882
Description	A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to sent SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mailman3 (PTS)	bullseye	3.3.3-1	fixed
	bookworm	3.3.8-2~deb12u2	fixed
	forky, sid, trixie	3.3.10-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mailman3	source	(unstable)	(not affected)

- mailman3 <not-affected> (SUSE-specific logrotate configuration issue)
https://bugzilla.suse.com/show_bug.cgi?id=1246467