TLP

A critical vulnerability in the TLP Linux power management tool has been fixed after researchers discovered it allowed local attackers to bypass authentication and alter system settings. The flaw, identified in version 1.9.0 and tracked as CVE-2025-67859, stemmed from a race condition in the Polkit mechanism. TLP developers released version 1.9.1 on January 7, 2026, addressing the issue following coordinated disclosure.