CVE-2025-46803: CWE-276: Incorrect Default Permissions
The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.
AI Analysis
Technical Summary
CVE-2025-46803 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting version 5.0 of the Screen utility, a terminal multiplexer commonly used in Unix-like operating systems. The issue arises from a change in the default permission mode of pseudo terminals (PTYs) allocated by Screen. Previously, the PTYs were created with permissions set to 0620, which restricts write access to the owner and group. However, this was changed to 0622, which grants write permissions to all users on the system. This misconfiguration allows any user to write to any Screen PTY device, potentially enabling unauthorized users to inject input or commands into other users' terminal sessions. The vulnerability has a CVSS v3.1 score of 5.0, indicating a medium severity level. The vector metrics indicate that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R). The impact is limited to integrity (I:H), with no confidentiality or availability impact. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability could be exploited by a local attacker with some privileges to interfere with other users' terminal sessions, potentially leading to command injection or session hijacking scenarios.
Potential Impact
For European organizations, the impact of CVE-2025-46803 can be significant in environments where Screen is used extensively, especially in multi-user systems such as shared servers, development environments, or hosting providers. The ability for a low-privileged user to write to another user's terminal session can lead to unauthorized command execution, data manipulation, or disruption of workflows. This undermines the integrity of terminal sessions and could facilitate lateral movement or privilege escalation if combined with other vulnerabilities or misconfigurations. Organizations in sectors with strict data integrity requirements, such as finance, healthcare, and critical infrastructure, may face increased risks. Additionally, compliance with regulations like GDPR could be impacted if this vulnerability leads to unauthorized access or manipulation of sensitive data. Although the vulnerability does not directly affect confidentiality or availability, the integrity compromise could have cascading effects on operational security and trustworthiness of systems.
Mitigation Recommendations
To mitigate CVE-2025-46803, organizations should:
1) Immediately audit the permissions of PTYs allocated by Screen on all affected systems, verifying that they are not set to overly permissive modes such as 0622.
2) Manually revert the PTY permissions to a more restrictive mode (e.g., 0620 or stricter) using system configuration or startup scripts until an official patch is released.
3) Restrict local user access to systems running Screen, limiting the number of users who can log in and use Screen sessions.
4) Monitor terminal sessions for unusual activity that could indicate unauthorized input injection.
5) Implement strict user privilege separation and consider using alternative terminal multiplexers that do not exhibit this vulnerability.
6) Stay updated with vendor advisories and apply official patches as soon as they become available.
7) Employ host-based intrusion detection systems (HIDS) to detect anomalous writes to PTYs.
8) Educate system administrators about the risks of incorrect PTY permissions and enforce secure configuration baselines.
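One way to carry out the audit in step 1 and the revert in step 2, as an added example (not code from Screen or from this advisory). It assumes a Linux devpts mount at /dev/pts, and it flags every PTY whose mode carries the other-write bit, whether or not Screen allocated it; the function name and its `fix` and `chardev_only` parameters are hypothetical.

```python
import os
import stat

def audit_ptys(pts_dir="/dev/pts", fix=False, chardev_only=True):
    """Return [(path, uid, mode)] for PTY nodes that others can write to.

    With fix=True the other-write bit is cleared (needs ownership or root).
    chardev_only=False lets the check run against an ordinary directory.
    """
    findings = []
    for name in sorted(os.listdir(pts_dir)):
        if name == "ptmx":              # multiplexer node, not a session PTY
            continue
        path = os.path.join(pts_dir, name)
        try:
            st = os.lstat(path)
        except OSError:                 # PTY closed between listdir and lstat
            continue
        if chardev_only and not stat.S_ISCHR(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not mode & stat.S_IWOTH:
            continue                    # e.g. 0620 or 0600: others cannot write
        findings.append((path, st.st_uid, format(mode, "04o")))
        if fix:
            try:
                os.chmod(path, mode & ~stat.S_IWOTH)   # 0622 -> 0620
            except PermissionError:
                pass                    # still reported; rerun as owner or root
    return findings

if __name__ == "__main__":
    for path, uid, mode in audit_ptys():
        print(f"{path} uid={uid} mode={mode} is world-writable")
```

Clearing the bit only affects PTYs that already exist; an affected Screen will allocate new ones with the same mode, so the check has to be repeated (for example from a timer) until the package is updated.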
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: suse
- Date Reserved: 2025-04-30T11:28:04.728Z
- CISA Enriched: false
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683487800acd01a249288785
Added to database: 5/26/2025, 3:23:44 PM
Last enriched: 7/11/2025, 11:17:29 AM
Last updated: 8/14/2025, 1:31:44 PM