
CVE-2025-46803: CWE-276: Incorrect Default Permissions

Medium
Published: Mon May 26 2025 (05/26/2025, 15:06:04 UTC)
Source: CVE

Description

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.

AI-Powered Analysis

Last updated: 07/11/2025, 11:17:29 UTC

Technical Analysis

CVE-2025-46803 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting version 5.0 of the Screen utility, a terminal multiplexer commonly used in Unix-like operating systems. The issue arises from a change in the default permission mode of pseudo terminals (PTYs) allocated by Screen. Previously, the PTYs were created with permissions set to 0620, which restricts write access to the owner and group. However, this was changed to 0622, which grants write permissions to all users on the system. This misconfiguration allows any user to write to any Screen PTY device, potentially enabling unauthorized users to inject input or commands into other users' terminal sessions. The vulnerability has a CVSS v3.1 score of 5.0, indicating a medium severity level. The vector metrics indicate that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R). The impact is limited to integrity (I:H), with no confidentiality or availability impact. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability could be exploited by a local attacker with some privileges to interfere with other users' terminal sessions, potentially leading to command injection or session hijacking scenarios.

Potential Impact

For European organizations, the impact of CVE-2025-46803 can be significant in environments where Screen is used extensively, especially in multi-user systems such as shared servers, development environments, or hosting providers. The ability for a low-privileged user to write to another user's terminal session can lead to unauthorized command execution, data manipulation, or disruption of workflows. This undermines the integrity of terminal sessions and could facilitate lateral movement or privilege escalation if combined with other vulnerabilities or misconfigurations. Organizations in sectors with strict data integrity requirements, such as finance, healthcare, and critical infrastructure, may face increased risks. Additionally, compliance with regulations like GDPR could be impacted if this vulnerability leads to unauthorized access or manipulation of sensitive data. Although the vulnerability does not directly affect confidentiality or availability, the integrity compromise could have cascading effects on operational security and trustworthiness of systems.

Mitigation Recommendations

To mitigate CVE-2025-46803, organizations should:

1) Immediately audit the permissions of PTYs allocated by Screen on all affected systems, verifying that they are not set to overly permissive modes such as 0622.
2) Manually revert the PTY permissions to a more restrictive mode (e.g., 0620 or stricter) using system configuration or startup scripts until an official patch is released.
3) Restrict local user access to systems running Screen, limiting the number of users who can log in and use Screen sessions.
4) Monitor terminal sessions for unusual activity that could indicate unauthorized input injection.
5) Implement strict user privilege separation and consider using alternative terminal multiplexers that do not exhibit this vulnerability.
6) Stay updated with vendor advisories and apply official patches as soon as they become available.
7) Employ host-based intrusion detection systems (HIDS) to detect anomalous writes to PTYs.
8) Educate system administrators about the risks of incorrect PTY permissions and enforce secure configuration baselines.
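
The permission audit in recommendation 1 can be scripted. The following is an added example, not code from this advisory or from the Screen project: it flags every PTY whose mode has the world-write bit that separates 0622 from 0620. It assumes a Linux devpts mount at /dev/pts and checks all PTYs there, not only those allocated by Screen; the function names and sample records are constructed for illustration.

```python
import os
import stat
import sys

WORLD_WRITE = stat.S_IWOTH  # 0o002: the bit that separates 0622 from 0620


def classify(mode):
    """Return a finding for a PTY's permission bits, or None if acceptable."""
    perms = stat.S_IMODE(mode)
    if perms & WORLD_WRITE:
        return "world-writable (%04o): any local user can write to it" % perms
    return None


def audit(entries):
    """entries: iterable of (path, st_mode, st_uid). Returns flagged records."""
    findings = []
    for path, mode, uid in entries:
        # Only character devices are PTY slaves; skip the ptmx multiplexer node.
        if not stat.S_ISCHR(mode) or os.path.basename(path) == "ptmx":
            continue
        reason = classify(mode)
        if reason:
            findings.append((path, uid, reason))
    return findings


def scan(directory="/dev/pts"):
    """Stat every entry under the devpts mount (assumed path: /dev/pts)."""
    entries = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            st = os.stat(path)
        except OSError:
            continue  # the PTY was closed between listing and stat
        entries.append((path, st.st_mode, st.st_uid))
    return entries


# Constructed sample records: old default, the 0622 mode, and the ptmx node.
SAMPLE = [
    ("/dev/pts/3", stat.S_IFCHR | 0o620, 1000),
    ("/dev/pts/4", stat.S_IFCHR | 0o622, 1001),
    ("/dev/pts/ptmx", stat.S_IFCHR | 0o666, 0),
]

if __name__ == "__main__":
    flagged = audit(scan())
    for path, uid, reason in flagged:
        print("%s uid=%d %s" % (path, uid, reason))
    sys.exit(1 if flagged else 0)
```

The non-zero exit status on any finding lets the script run from cron or a configuration-baseline check.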


Technical Details

Data Version: 5.1
Assigner Short Name: suse
Date Reserved: 2025-04-30T11:28:04.728Z
Cisa Enriched: false
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 683487800acd01a249288785

Added to database: 5/26/2025, 3:23:44 PM

Last enriched: 7/11/2025, 11:17:29 AM

Last updated: 8/15/2025, 10:13:09 PM
