TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
Fixes

Solution

Call fchmod() on the fd instead of chmod() on the path.
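The difference between the two calls, as an added regression-style example; it is not linenoise's own code. The function names, the single-line history and the in-process `swap_name` step (a constructed stand-in for a concurrent local process) are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for another local process acting between the open and
 * the chmod: the history name is replaced by a symlink to `other`. */
static void swap_name(const char *path, const char *other) {
    unlink(path);
    if (symlink(other, path) != 0) perror("symlink");
}

/* Pattern from the advisory: chmod() looks the path up a second time. */
int save_by_path(const char *path, const char *line, const char *other) {
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    if (other) swap_name(path, other);       /* race window */
    chmod(path, S_IRUSR | S_IWUSR);
    fprintf(fp, "%s\n", line);
    return fclose(fp) == 0 ? 0 : -1;
}

/* Stated fix: fchmod() acts on the open file, whatever the name now is. */
int save_by_fd(const char *path, const char *line, const char *other) {
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    if (other) swap_name(path, other);       /* same window */
    int rc = fchmod(fileno(fp), S_IRUSR | S_IWUSR);
    if (fprintf(fp, "%s\n", line) < 0) rc = -1;
    if (fclose(fp) != 0) rc = -1;
    return rc;
}

/* Regression check: returns the mode of an unrelated 0644 file after a save
 * during which the name was swapped. use_fd selects the fixed variant. */
int other_file_mode_after_save(int use_fd) {
    char dir[] = "/tmp/hist-XXXXXX", hist[64], other[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(hist, sizeof hist, "%s/history", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    FILE *fp = fopen(other, "w");
    if (fp == NULL) return -1;
    fclose(fp);
    chmod(other, 0644);
    (use_fd ? save_by_fd : save_by_path)(hist, "ls -l", other);
    int mode = stat(other, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    unlink(hist); unlink(other); rmdir(dir);
    return mode;
}
```

With the path-based call the unrelated file ends up 0600; with the descriptor-based call it keeps 0644, because the permission change stays bound to the file that was opened.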


Workaround

No workaround given by the vendor.

History

Wed, 03 Sep 2025 00:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
| Metrics | threat_severity: None | threat_severity: Moderate |


Tue, 02 Sep 2025 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 02 Sep 2025 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Linenoise Project; Linenoise Project linenoise |
| Vendors & Products | | Linenoise Project; Linenoise Project linenoise |

Mon, 01 Sep 2025 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path. |
| Title | | TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes |
| Weaknesses | | CWE-367 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'} |


MITRE

Status: PUBLISHED

Assigner: CyberArk

Published:

Updated: 2025-09-02T16:13:46.132Z

Reserved: 2025-09-01T18:48:53.813Z

Link: CVE-2025-9810

Vulnrichment

Updated: 2025-09-02T16:13:43.003Z

NVD

Status: Awaiting Analysis

Published: 2025-09-01T19:15:32.573

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-9810

Red Hat

Severity: Moderate

Public Date: 2025-09-01T19:03:19Z

Links: CVE-2025-9810 - Bugzilla

OpenCVE Enrichment

Updated: 2025-09-02T15:23:10Z