Telnetd in GNU inetutils through version 2.7 contains a flaw that allows an unprivileged local user to gain higher privileges. The vulnerability arises when the client can influence the CREDENTIALS_DIRECTORY environment variable used by the systemd service credentials support introduced in util‑linux 2.40. By creating a login.noauth file, the attacker can exploit the privilege escalation path. The weakness is identified as CWE‑829, an improper restriction of privileges. This flaw enables the attacker to obtain root or administrative privileges on the host, compromising confidentiality, integrity, and availability of system resources.

The affected vendor is GNU; the product is inetutils. All releases of inetutils up to and including version 2.7 are impacted, as indicated by the phrase "through 2.7" in the advisory. No specific later versions are mentioned, implying that versions newer than 2.7 are presumed to be unaffected once the patch is applied.

The CVSS score of 7.4 indicates a high severity vulnerability. The EPSS score of less than 1% points to a very low probability of exploitation at this time. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires a local user able to create a login.noauth file and manipulate the CREDENTIALS_DIRECTORY variable, so the attack vector is local. The risk is therefore significant for environments that run telnetd or grant local users the ability to write to the credential directory.