The vulnerability is a race condition that occurs when GNU Sed is called with the -i (in-place edit) and --follow-symlinks options. The program resolves a symlink to its target and records that target, then opens the original path to read the file. Between those two operations the attacker can replace the symlink atomically, causing Sed to read from a new target and write the processed result to the original path. This flaw is a CWE‑367 concurrent modification issue and can lead to arbitrary file overwrite with attacker‑controlled content. The impact is limited to situations where Sed is run with both options; no information leaks or denial of service are described.

Version information is not explicitly listed, but the advisory notes that the problem was fixed in sed 4.10. Therefore, all GNU Sed installations older than 4.10 that invoke -i together with --follow-symlinks are vulnerable. The flaw applies to systems running standard Sed binaries on Unix‑like platforms where an attacker can change the target of a symlink during the race window.

The CVSS score of 2.1 indicates a low‑severity vulnerability. EPS score is unavailable and the vulnerability is not in the CISA KEV catalog, meaning no large‑scale exploit activity is currently documented. The most likely attack vector is a local attacker who can run or influence a Sed process and can modify symlinks on the same filesystem. Successful exploitation requires the attacker to read from the new symlink target and overwrite the recorded target; thus the threat is limited to privileged or compromised local environments rather than remote attacks.