TOCTOU  in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
History

Mon, 01 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Description TOCTOU  in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
Title TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes
Weaknesses CWE-367
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CyberArk

Published:

Updated: 2025-09-01T19:03:19.540Z

Reserved: 2025-09-01T18:48:53.813Z

Link: CVE-2025-9810

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-01T19:15:32.573

Modified: 2025-09-01T19:15:32.573

Link: CVE-2025-9810

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.