{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46802", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2025-04-30T11:28:04.727Z", "datePublished": "2025-05-26T15:10:38.460Z", "dateUpdated": "2025-05-27T14:11:53.805Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise Micro 5.3", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise Micro 5.4", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise Micro 5.5", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise Server 15 SP6", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise Desktop 15 SP6", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "packageName": "screen", "product": "SUSE Linux Enterprise High Performance Computing 15 SP6", "vendor": "SUSE", "versions": [{"lessThan": "4.6.2-150000.5.8.1", "status": "affected", "version": "?", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Matthias Gerstner, SUSE"}], "datePublic": "2024-05-12T15:24:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session."}], "value": "For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-05-26T15:18:22.995Z"}, "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46802"}, {"url": "https://www.openwall.com/lists/oss-security/2025/05/12/1"}], "source": {"discovery": "UNKNOWN"}, "title": "Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2025/05/12/1", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-27T14:11:32.619124Z", "id": "CVE-2025-46802", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T14:11:53.805Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46802", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-27T14:11:32.619124Z"}}}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2025/05/12/1", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T14:11:11.940Z"}}], "cna": {"title": "Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Matthias Gerstner, SUSE"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SUSE", "product": "SUSE Linux Enterprise Micro 5.3", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Micro 5.4", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Micro 5.5", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Server 15 SP6", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Desktop 15 SP6", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise High Performance Computing 15 SP6", "versions": [{"status": "affected", "version": "?", "lessThan": "4.6.2-150000.5.8.1", "versionType": "custom"}], "packageName": "screen", "defaultStatus": "unaffected"}], "datePublic": "2024-05-12T15:24:00.000Z", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46802"}, {"url": "https://www.openwall.com/lists/oss-security/2025/05/12/1"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.", "supportingMedia": [{"type": "text/html", "value": "For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.", "base64": false}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-05-26T15:18:22.995Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46802", "state": "PUBLISHED", "dateUpdated": "2025-05-27T14:11:53.805Z", "dateReserved": "2025-04-30T11:28:04.727Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2025-05-26T15:10:38.460Z", "assignerShortName": "suse"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session."}, {"lang": "es", "value": "Durante un breve per\u00edodo de tiempo, el PTY se establece en modo 666, lo que permite que cualquier usuario del sistema se conecte a la sesi\u00f3n de pantalla. "}], "id": "CVE-2025-46802", "lastModified": "2025-05-28T15:01:30.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "meissner@suse.de", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2025-05-26T16:15:20.557", "references": [{"source": "meissner@suse.de", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46802"}, {"source": "meissner@suse.de", "url": "https://www.openwall.com/lists/oss-security/2025/05/12/1"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.openwall.com/lists/oss-security/2025/05/12/1"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "screen: TTY Hijacking while Attaching to a Multiuser Session", "id": "2364199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364199"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.", "A flaw was found in Screen, allowing TTY hijacking during attachment to a multiuser session. The issue with this temporary TTY mode change is that it introduces a race condition that allows any other user in the system to open the caller's TTY for reading and writing for a small period of time."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-46802", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "screen", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "screen", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-05-13T16:42:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-46802\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-46802"], "statement": "This vulnerability is an Important local privilege escalation vector rather than a mere moderate flaw due to its exploitation potential during the short-lived but dangerously permissive window created by chmod(attach_tty, 0666). Even though the exposure of the TTY permissions may appear transient, this window allows attackers with local access to reliably read and inject arbitrary data into the victim\u2019s TTY, including sensitive inputs like passwords or session-specific commands. The race condition inherent in the Attach() function\u2019s logic multiplies the risk since TTY access for the duration of this window can be repeatedly attempted and exploited with high success rates. Furthermore, this vulnerability bypasses the usual privilege separation model of multi-user systems by enabling an unprivileged attacker to subvert the victim\u2019s TTY in ways that can directly compromise the user\u2019s session integrity and lead to further exploitation, such as terminal escape attacks or sophisticated phishing scenarios.", "threat_severity": "Important"}