CVE-2025-29906

Published Apr 29, 2025

Last updated 2 months ago

Overview

Description
Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-287

Social media

Hype score
Not currently trending
  1. #Vulnerability #AuthenticationBypass CVE-2025-29906: Finit’s Bundled Getty Flaw Allows Authentication Bypass on Linux Systems https://t.co/Xcg70t8XhH

    @Komodosec

    23 Jun 2025

  2. CVE-2025-29906: Finit’s Bundled Getty Flaw Allows Authentication Bypass on Linux Systems https://t.co/dIMcCb77l5 #appsec

    @eyalestrin

    1 May 2025

  3. 🚨 CVE-2025-29906 in finit < 4.7 risks local privilege escalation via config files! Manages services like getty for ttys in lightweight/embedded Linux. Patch to 4.7! 🔒 AI vulns surging! Details: https://t.co/eTPZKXaPUf #Cybersecurity #Linux

    @_F2po_

    1 May 2025

  4. 🚨 CVE-2025-29906 in finit < 4.7 risks a local privilege escalation via config files! Manages services like getty for ttys in lightweight/embedded Linux. Upgrade to 4.7! 🔒 AI vulnerabilities on the rise! Details: https://t.co/eTPZKXaPU

    @_F2po_

    1 May 2025

  5. 🚨 CVE-2025-29906 🔴 HIGH (8.6) 🏢 troglobit - finit 🏗️ >= 3.0-rc1, < 4.11 🔗 https://t.co/DcxBDXTrU8 🔗 https://t.co/UtNNiw3hUQ #CyberCron #VulnAlert #InfoSec https://t.co/7NG1QP3E8H

    @cybercronai

    30 Apr 2025

  6. CVE-2025-29906 Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directi… https://t.co/xzhbAh99U1

    @CVEnew

    29 Apr 2025

  7. [CVE-2025-29906: HIGH] Important cyber security update: Finit versions prior to 4.11 have a vulnerability where users can bypass authentication and log in as any user. Update to version 4.11 for a fix.#cve,CVE-2025-29906,#cybersecurity https://t.co/117UZYLtQm https://t.co/td45bHh

    @CveFindCom

    29 Apr 2025
