CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-46802: Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen

6.0 CVSS

Description

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

Classification

CVE ID: CVE-2025-46802

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.0

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Affected Products

Vendor: SUSE

Product: SUSE Linux Enterprise Micro 5.3, SUSE Linux Enterprise Micro 5.4, SUSE Linux Enterprise Micro 5.5, SUSE Linux Enterprise Module for Basesystem 15 SP6, SUSE Linux Enterprise Server 15 SP6, SUSE Linux Enterprise Desktop 15 SP6, SUSE Linux Enterprise Server for SAP Applications 15 SP6, SUSE Linux Enterprise High Performance Computing 15 SP6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.06% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46802
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46802
https://www.openwall.com/lists/oss-security/2025/05/12/1

Timeline

2025-05-26 16:40:22 UTC
CVE

Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen