CVE-2025-46804: CWE-203: Observable Discrepancy
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0.
AI Analysis
Technical Summary
CVE-2025-46804 is a vulnerability classified under CWE-203 (Observable Discrepancy) that affects the Screen terminal multiplexer, specifically older versions and version 5.0.0. Screen is often used to manage multiple terminal sessions on Unix-like systems and can be configured to run with setuid-root privileges to allow non-privileged users to access certain functionalities. This vulnerability results in a minor information leak whereby unprivileged users can deduce information about filesystem paths that would normally be inaccessible to them. The leak arises from observable discrepancies in Screen's behavior when it runs with elevated privileges, potentially revealing path information through side channels or error messages. The CVSS 3.1 base score is 3.3, indicating a low-severity vulnerability. The attack vector is local (AV:L), attack complexity is low (AC:L), privileges are required (PR:L), and no user interaction is needed (UI:N). The impact is limited to confidentiality (C:L), with no integrity or availability effects. There are no known exploits in the wild, and no patches have been linked yet. This vulnerability is primarily a privacy concern rather than a critical security risk, but it could be leveraged in combination with other vulnerabilities or for reconnaissance purposes by attackers with local access.
Potential Impact
For European organizations, the impact of CVE-2025-46804 is relatively low but not negligible. Since the vulnerability allows unprivileged users to glean information about protected filesystem paths, it could aid attackers in mapping system layouts or identifying sensitive files, which may facilitate further attacks or privilege escalation attempts. Organizations with multi-user Unix/Linux environments where Screen is deployed with setuid-root privileges are most at risk. This includes academic institutions, research centers, hosting providers, and enterprises that rely on legacy or specific Screen versions for terminal multiplexing. The confidentiality breach could expose sensitive directory structures or configuration paths, potentially aiding targeted attacks or insider threats. However, the lack of integrity or availability impact and the requirement for local access limit the overall risk. Strict access controls and monitoring reduce the risk further. Nonetheless, awareness and remediation are important to prevent information leakage that could be exploited in complex attack chains.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Identify and inventory all systems running vulnerable versions of Screen, especially those configured with setuid-root privileges.
2) Upgrade Screen to the latest patched version once available, or apply vendor-provided patches promptly.
3) Where possible, avoid running Screen with setuid-root privileges; instead, use alternative privilege management techniques such as capabilities or sudo with restricted commands.
4) Implement strict local user access controls and monitoring to detect unauthorized attempts to exploit this information leak.
5) Employ file system permissions and security modules (e.g., SELinux, AppArmor) to limit exposure of sensitive paths.
6) Educate system administrators about the risks of information leakage and encourage regular audits of privilege configurations.
7) If upgrading is not immediately feasible, consider disabling or restricting Screen usage for unprivileged users to reduce attack surface.
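One way to carry out the inventory in steps 1 and 3 on a single host, as an added example that is not part of the original advisory: it lists Screen binaries and reports whether each one is installed setuid-root, together with the version string it prints. The function names, the default directory list and the `screen-[0-9]*` name pattern are assumptions, and `stat -c` and `readlink -f` assume GNU coreutils.

```shell
#!/bin/sh
# Added example: inventory Screen binaries and flag setuid-root installs.

# classify_mode OCTAL_MODE OWNER_UID
# Prints setuid-root, setuid-nonroot or not-setuid (invalid-mode on bad input).
classify_mode() {
    mode=$1
    uid=$2
    case $mode in
        ''|*[!0-7]*) echo "invalid-mode"; return 2 ;;
    esac
    # The leading 0 forces octal interpretation; 04000 is the setuid bit.
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "not-setuid"
    elif [ "$uid" = "0" ]; then
        echo "setuid-root"
    else
        echo "setuid-nonroot"
    fi
}

# audit_screen [DIR...]
# Prints "status<TAB>path<TAB>version line" for each distinct Screen binary.
audit_screen() {
    # Default search directories are an assumption; pass your own as arguments.
    [ $# -gt 0 ] || set -- /usr/bin /bin /usr/local/bin /usr/sbin
    seen=""
    for dir in "$@"; do
        # "screen" is often a symlink to a versioned file such as screen-5.0.0.
        for bin in "$dir"/screen "$dir"/screen-[0-9]*; do
            [ -f "$bin" ] && [ -x "$bin" ] || continue
            real=$(readlink -f "$bin") || continue
            # Report each resolved file once (paths with spaces not handled).
            case " $seen " in *" $real "*) continue ;; esac
            seen="$seen $real"
            st=$(stat -c '%a %u' "$real") || continue
            status=$(classify_mode "${st% *}" "${st#* }") || continue
            ver=$("$real" --version 2>/dev/null </dev/null | head -n 1)
            printf '%s\t%s\t%s\n' "$status" "$real" "${ver:-version unknown}"
        done
    done
    return 0
}

audit_screen "$@"
```

Any line reported as `setuid-root` whose version falls in the affected range stated above is a candidate for step 2 or step 3.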
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: suse
- Date Reserved: 2025-04-30T11:28:04.728Z
- Cisa Enriched: false
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 683471f80acd01a2492876ce
Added to database: 5/26/2025, 1:51:52 PM
Last enriched: 7/11/2025, 10:32:41 AM
Last updated: 7/30/2025, 4:09:54 PM