CVE-2025-9810 - Vulnerability Details - OpenCVE

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/antirez/linenoise/blob/master/linenoise.c#L1321
https://github.com/antirez/linenoise/pull/202

History

Mon, 01 Sep 2025 19:15:00 +0000

Type	Values Removed	Values Added
Description		TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
Title		TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes
Weaknesses		CWE-367
References		https://github.com/antirez/linenoise/blob/master/linenoise.c#L1321 https://github.com/antirez/linenoise/pull/202
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: CyberArk

Published: 2025-09-01T19:03:19.540Z

Updated: 2025-09-01T19:03:19.540Z

Reserved: 2025-09-01T18:48:53.813Z

Link: CVE-2025-9810

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-01T19:15:32.573

Modified: 2025-09-01T19:15:32.573

Link: CVE-2025-9810

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9810", "assignerOrgId": "96148269-fe82-4198-b1bf-3a73ce8bc92e", "state": "PUBLISHED", "assignerShortName": "CyberArk", "dateReserved": "2025-09-01T18:48:53.813Z", "datePublished": "2025-09-01T19:03:19.540Z", "dateUpdated": "2025-09-01T19:03:19.540Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["linenoiseHistorySave"], "product": "linenoise", "programFiles": ["linenoise.c"], "vendor": "antirez", "versions": [{"status": "affected", "version": "0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "@disconnect3d"}, {"lang": "en", "type": "analyst", "value": "Simcha Kosman"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">TOCTOU </span><span style=\"background-color: rgb(255, 255, 255);\"> in </span><code>linenoiseHistorySave</code><span style=\"background-color: rgb(255, 255, 255);\"> in </span><code>linenoise</code><span style=\"background-color: rgb(255, 255, 255);\"> allows local attackers to overwrite arbitrary files and change permissions via a symlink race between </span><code>fopen(\"w\")</code><span style=\"background-color: rgb(255, 255, 255);\"> on the history path and subsequent </span><code>chmod()</code><span style=\"background-color: rgb(255, 255, 255);\"> on the same path.</span>"}], "value": "TOCTOU \u00a0in linenoiseHistorySave\u00a0in linenoise\u00a0allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen(\"w\")\u00a0on the history path and subsequent chmod()\u00a0on the same path."}], "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132 Symlink Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96148269-fe82-4198-b1bf-3a73ce8bc92e", "shortName": "CyberArk", "dateUpdated": "2025-09-01T19:03:19.540Z"}, "references": [{"url": "https://github.com/antirez/linenoise/blob/master/linenoise.c#L1321"}, {"url": "https://github.com/antirez/linenoise/pull/202"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "call fchmod() on the fd instead of chmod() on the path\n\n<br>"}], "value": "call fchmod() on the fd instead of chmod() on the path"}], "source": {"discovery": "UNKNOWN"}, "title": "TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}