Metrics
Affected Vendors & Products
Tue, 02 Sep 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tokio
Tokio tracing |
|
Vendors & Products |
Tokio
Tokio tracing |
Tue, 02 Sep 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 30 Aug 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 29 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences. | |
Title | Tracing logging user input may result in poisoning logs with ANSI escape sequences | |
Weaknesses | CWE-150 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-09-02T14:08:42.323Z
Reserved: 2025-08-27T13:34:56.186Z
Link: CVE-2025-58160

Updated: 2025-09-02T14:08:38.625Z

Status : Awaiting Analysis
Published: 2025-08-29T22:15:32.887
Modified: 2025-09-02T15:55:35.520
Link: CVE-2025-58160


Updated: 2025-09-02T15:23:32Z