KDE Project Security Advisory
=============================

Title:          LightDM KDE Greeter: Privilege Escalation in KAuth Helper Service
Risk rating:    Medium
CVE:            CVE-2025-62876
Versions:       LightDM KDE Greeter < 6.0.4
Date:           29 December 2025

Overview
========

The LightDM service user cannot read from user directories, so when a
background for the login screen is set in the System Settings module, the
specified background image is copied to the service user's home directory
by the KAuth helper. Because this copy is done naively and with root
privileges, a compromised greeter can plant a malicious symbolic link in
its home directory, causing the image file to be copied to an unexpected
location.

Impact
======

An attacker with access to the LightDM service user could set up a trap so
that, when the background image is set, an important system file is
replaced with this image, damaging the system.

Workaround
==========

Do not set the background image via the System Settings module in versions
earlier than 6.0.4.

Solution
========

Update LightDM KDE Greeter to 6.0.4 or later.

Credits
=======

Thanks to Matthias Gerstner for reporting this issue.
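
The Overview describes a root-privileged copy into a directory owned by a less-trusted user. The C sketch below is an added example, not the project's code and not the fix shipped in 6.0.4, showing one way such a copy can refuse to write through a planted link. The function name safe_copy_into and its parameters are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper (not the project's code): copy src_path to `name`
 * inside dest_dir, where dest_dir is writable by a less-trusted user.
 * Returns 0 on success, -1 on any error; never writes through a link. */
int safe_copy_into(const char *src_path, const char *dest_dir, const char *name)
{
    char buf[8192];
    ssize_t n = 0;
    int rc = -1, src = -1, dst = -1;
    /* The name must be a single path component, so it cannot leave dest_dir. */
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;
    /* Pin the directory; refuse if its final component is a symlink. */
    int dir = open(dest_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dir < 0)
        return -1;
    src = open(src_path, O_RDONLY | O_CLOEXEC);
    if (src < 0)
        goto out;
    /* Drop whatever is already there. unlinkat() removes a symlink itself,
     * not the file it points to. */
    if (unlinkat(dir, name, 0) < 0 && errno != ENOENT)
        goto out;
    /* O_CREAT|O_EXCL fails if anything, including a dangling or re-planted
     * symlink, exists at the name, so the write cannot be redirected. */
    dst = openat(dir, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (dst < 0)
        goto out;
    while ((n = read(src, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(dst, buf + off, (size_t)(n - off));
            if (w < 0)
                goto out;
            off += w;
        }
    }
    if (n == 0)
        rc = 0;
out:
    if (dst >= 0) close(dst);
    if (src >= 0) close(src);
    close(dir);
    return rc;
}
```

Only the final component of dest_dir is checked with O_NOFOLLOW here, so the sketch assumes the parent directories are not writable by the less-trusted user.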