CVE-2025-23395

Published May 26, 2025

Last updated 2 months ago

Overview

Description
Screen 5.0.0, when it runs with setuid-root privileges, does not drop privileges while operating on a user-supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing escalation to root privileges.
Source
meissner@suse.de
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

meissner@suse.de
CWE-271

Social media

Hype score
Not currently trending
  1. CVE-2025-23395 (CVSS:7.3, HIGH) is Awaiting Analysis. Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. ..https://t.co/hm2NP06Nxl #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    31 May 2025

  2. CVE-2025-23395 (CVSS:7.3, HIGH) is Awaiting Analysis. Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. ..https://t.co/hm2NP06Nxl #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    30 May 2025

  3. 🚨 CVE-2025-23395 🔴 HIGH (7.8) 🏢 Unknown Vendor - Unknown Product 🏗️ 5.0 🔗 https://t.co/Dq486eMipq 🔗 https://t.co/3K3e4GHAjS #CyberCron #VulnAlert #InfoSec https://t.co/pUqq9R1I80

    @cybercronai

    27 May 2025

  4. 🚨 CVE-2025-23395 🔴 HIGH (7.8) 🏢 Unknown Vendor - Unknown Product 🏗️ 5.0 🔗 https://t.co/Dq486eMipq 🔗 https://t.co/3K3e4GHAjS #CyberCron #VulnAlert #InfoSec https://t.co/saukkTEAJ1

    @cybercronai

    26 May 2025

  5. CVE-2025-23395 Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files… https://t.co/ZQ8LhM83BT

    @CVEnew

    26 May 2025

  6. CVE-2025-23395 screen https://t.co/cs29sfnQLb

    @VulmonFeeds

    12 May 2025
