
CVE-2025-46805: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Severity: Medium
Tags: Vulnerability, CVE-2025-46805, CWE-367
Published: Mon May 26 2025 (05/26/2025, 13:16:40 UTC)
Source: CVE

Description

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

AI-Powered Analysis

Last updated: 07/11/2025, 11:31:53 UTC

Technical Analysis

CVE-2025-46805 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability classified under CWE-367. It affects Screen version 5.0.0 and older version 4 releases, specifically when the software is installed with setuid-root privileges. The vulnerability arises because the software improperly handles the timing between checking a condition and using a resource, leaving a race window an attacker can exploit. In this case, the attacker can send signals such as SIGHUP or SIGCONT to privileged processes. These signals can cause processes to reload configurations or resume execution, potentially leading to unintended behavior or privilege escalation. The CVSS v3.1 base score is 5.5 (medium severity), with the vector indicating a local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), but high impact on availability (A:H). This means the vulnerability can be exploited by a local attacker with some privileges to disrupt the availability of privileged processes, potentially causing denial of service or process manipulation. No known exploits are currently reported in the wild, and the record provides no patch or vendor project details. The vulnerability was published on May 26, 2025, and reserved on April 30, 2025. The lack of confidentiality or integrity impact suggests the main risk is disruption of critical privileged processes rather than data theft or modification. However, because the affected processes run with root privileges, the consequences of disruption can be significant, especially in environments relying on these processes for critical operations.

Potential Impact

For European organizations, the primary impact of CVE-2025-46805 is the potential disruption of critical services running with elevated privileges. Since the vulnerability allows sending signals to privileged processes, attackers with local access could cause denial of service or unexpected process behavior, impacting system availability. This could affect servers, network appliances, or security-critical systems using the affected Screen versions with setuid-root installed. Organizations in sectors such as finance, healthcare, energy, and government, where uptime and process integrity are crucial, may face operational disruptions. Although no direct confidentiality or integrity compromise is indicated, availability impacts can indirectly affect business continuity and compliance with regulations like GDPR if services are interrupted. The medium CVSS score reflects moderate risk, but the local attack vector and requirement for some privileges limit the attack surface to insiders or attackers who have already gained limited access. Nonetheless, the vulnerability could be leveraged in multi-stage attacks to escalate privileges or disrupt defenses. European organizations using Screen software in their infrastructure should assess exposure, especially if setuid-root installations are present, and prioritize mitigation to maintain service reliability and security posture.

Mitigation Recommendations

1. Immediate mitigation should include auditing all systems for Screen versions 5.0.0 and older version 4 releases installed with setuid-root privileges.
2. Where possible, remove setuid-root from the Screen binary or replace it with a less privileged execution context to reduce risk.
3. Apply vendor patches or updates once available; if no patches exist yet, consider upgrading to newer versions not affected by this vulnerability.
4. Implement strict access controls and monitoring to limit local user privileges and detect suspicious signal sending or process manipulation attempts.
5. Employ process hardening techniques such as seccomp filters or Linux capabilities to restrict signal delivery to privileged processes.
6. Use system integrity monitoring to detect unexpected process restarts or signal handling anomalies.
7. Conduct regular security training for administrators to recognize and respond to potential exploitation attempts.
8. In environments where Screen is critical, consider isolating affected systems or running them in hardened containers or virtual machines to contain potential impacts.

These steps go beyond generic advice by focusing on privilege reduction, process hardening, and monitoring tailored to the nature of this TOCTOU race condition vulnerability.
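The audit in steps 1 and 2 can be scripted. The following POSIX shell helper is an added example, not code from the advisory or from the Screen project; it flags a screen binary that is both setuid-root and at an affected version (5.0.0 or any 4.x release), and the install paths it checks are assumptions.

```shell
#!/bin/sh
# Added audit helper for CVE-2025-46805 (example code, not from the advisory).
# A binary is flagged only when it is setuid AND owned by root AND at an
# affected version; that is the combination the advisory describes.

# is_affected_version VERSION: succeeds for 5.0.0 and every 4.x release
is_affected_version() {
  case "$1" in
    5.0.0 | 4.*) return 0 ;;
    *)           return 1 ;;
  esac
}

# has_setuid_bit PATH: succeeds if the setuid bit is set, whoever owns the file
has_setuid_bit() {
  [ -u "$1" ]
}

# is_setuid_root PATH: succeeds only if the file is setuid and owned by root
is_setuid_root() {
  find "$1" -prune -user root -perm -4000 2>/dev/null | grep -q .
}

# screen_version PATH: prints X.Y.Z from "Screen version X.Y.Z (GNU) ..."
screen_version() {
  "$1" --version 2>&1 | awk '/^Screen version/ { print $3 }'
}

# audit_screen PATH: returns 0 when exposed, 1 when not, 2 when no binary found
audit_screen() {
  bin="$1"
  [ -x "$bin" ] || { echo "no executable at $bin"; return 2; }
  ver=$(screen_version "$bin")
  if is_setuid_root "$bin" && is_affected_version "$ver"; then
    echo "EXPOSED: $bin version $ver is setuid-root (CVE-2025-46805)"
    return 0
  fi
  echo "ok: $bin version ${ver:-unknown}, setuid-root=$(is_setuid_root "$bin" && echo yes || echo no)"
  return 1
}

# Check the usual install locations (assumed paths) when run directly.
for p in /usr/bin/screen /usr/local/bin/screen; do
  if [ -e "$p" ]; then audit_screen "$p" || :; fi
done
```

Where a binary is flagged, step 2 applies: `chmod u-s` on that path removes the setuid bit, after which `audit_screen` reports it as no longer exposed.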


Technical Details

Data Version: 5.1
Assigner Short Name: suse
Date Reserved: 2025-04-30T11:28:04.728Z
Cisa Enriched: false
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68346e7e0acd01a24928752b

Added to database: 5/26/2025, 1:37:02 PM

Last enriched: 7/11/2025, 11:31:53 AM

Last updated: 7/30/2025, 4:09:53 PM
