CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46804
https://www.openwall.com/lists/oss-security/2025/05/12/1

Configurations

No configuration.

History

28 May 2025, 15:01

Type	Values Removed	Values Added
Summary		(es) Una pequeña fuga de información al ejecutar Screen con privilegios setuid-root permite a usuarios sin privilegios deducir información sobre una ruta que, de otro modo, no estaría disponible. Se ven afectadas las versiones anteriores de Screen, así como la versión 5.0.0.

27 May 2025, 08:15

Type	Values Removed	Values Added
Summary	(en) A minor information leak when running Screen with setuid-root privileges allosw unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0.	(en) A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0.

26 May 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-26 14:15

Updated : 2025-05-28 15:01

NVD link : CVE-2025-46804

Mitre link : CVE-2025-46804

CVE.ORG link : CVE-2025-46804

JSON object : View

Products Affected

No product.

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2025-46804", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-26T14:15:19.850", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46804", "source": "meissner@suse.de"}, {"url": "https://www.openwall.com/lists/oss-security/2025/05/12/1", "source": "meissner@suse.de"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available.\n\n\nAffected are older Screen versions, as well as version 5.0.0."}, {"lang": "es", "value": "Una peque\u00f1a fuga de informaci\u00f3n al ejecutar Screen con privilegios setuid-root permite a usuarios sin privilegios deducir informaci\u00f3n sobre una ruta que, de otro modo, no estar\u00eda disponible. Se ven afectadas las versiones anteriores de Screen, as\u00ed como la versi\u00f3n 5.0.0."}], "lastModified": "2025-05-28T15:01:30.720", "sourceIdentifier": "meissner@suse.de"}