{}

{}

{}

{"bugzilla": {"description": "screen: Local Root Exploit via `logfile_reopen()`", "id": "2364184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364184"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "status": "draft"}, "cwe": "CWE-250", "details": ["A flaw was found in Screen. When running with setuid-root privileged, the logfile_reopen() function does not drop privileges while operating on a user-supplied path. This vulnerability allows an unprivileged user to create files in arbitrary locations with root ownership."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-23395", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "screen", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "screen", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-05-13T16:43:21Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-23395\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-23395"], "statement": "This vulnerability only affects Screen versions 5.0.0 and above.\nThis is a moderate vulnerability because it allows creation or modification of root-owned files only with controlled PTY output and fixed permissions (0644), without enabling arbitrary code execution or full root access. Exploitation relies on triggering logfile_reopen() by manipulating the logfile\u2019s link count or size, which limits reliability. While it breaks expected privilege boundaries, the impact is constrained to integrity issues like log injection or limited file manipulation, justifying a moderate severity classification.", "threat_severity": "Moderate"}