What happened
Critical vulnerabilities enabling UI injection and denial of service were disclosed in InputPlumber, a Linux utility used to combine input devices into virtual devices, notably on SteamOS platforms. Security researchers at SUSE identified multiple flaws, including CVE-2025-66005 and CVE-2025-14338, stemming from inadequate D-Bus authentication and Polkit misconfigurations. These issues allow a local attacker to inject unauthorized UI inputs, leak information from restricted files, or cause denial-of-service conditions by misusing privileged D-Bus methods exposed by the service. Because InputPlumber can run with elevated privileges, exploitation may escalate privileges within active sessions or compromise system stability.
Who is affected
Users and organizations running systems that include InputPlumber, particularly gaming platforms like SteamOS or Linux distributions integrating the utility, face potential local privilege escalation and service disruption.
Why CISOs should care
Local privilege escalation and DoS vulnerabilities in utilities running with elevated privileges can undermine endpoint security controls and provide footholds for further compromise of user-facing systems.
3 practical actions
Apply patches: Install vendor updates that fix CVE-2025-66005 and CVE-2025-14338.
Harden service access: Restrict local access to privileged services like InputPlumber.
Monitor for misuse: Detect abnormal UI events and process crashes indicative of exploitation.
