CVE-2025-5962: Improper Access Control in Red Hat Enterprise Linux 10

Severity: High
Published: Mon Sep 22 2025 (09/22/2025, 08:04:39 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 10

Description

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.

AI-Powered Analysis

Last updated: 09/30/2025, 00:37:14 UTC

Technical Analysis

CVE-2025-5962 is a high-severity vulnerability in the Lightspeed history service component of Red Hat Enterprise Linux (RHEL) 10. The flaw arises from improper access control in the service, which manages user chat history on the system. A local, unprivileged user can use inter-process communication (IPC) calls to the history service to access and manipulate the chat history of other users on the same system. This includes the ability to view, delete, or inject arbitrary history entries.

Injected entries can contain misleading or malicious commands, which may deceive the targeted user into executing harmful actions. Such social engineering could lead to privilege misuse or unauthorized command execution. The vulnerability does not require any user interaction or prior authentication, making it easier for an attacker with local access to exploit.

The CVSS 3.1 base score is 7.7, reflecting high impact on confidentiality and integrity, with no impact on availability. The attack vector is local, requiring low attack complexity and no privileges. While no known exploits are currently reported in the wild, the potential for misuse is significant given the ability to manipulate chat history and deceive users. This vulnerability is specific to RHEL 10, a widely used enterprise Linux distribution, particularly in server and workstation environments.

Potential Impact

For European organizations, the impact of CVE-2025-5962 can be substantial, especially in sectors relying heavily on RHEL 10 for critical infrastructure, development, or operational environments. The ability for a local unprivileged user to manipulate another user's chat history can lead to unauthorized access escalation, data breaches, or operational disruptions through social engineering.

Confidentiality is at high risk since attackers can view other users' chat histories, potentially exposing credentials or operational details. Integrity is also compromised, as attackers can inject malicious commands into the history, misleading users into executing harmful actions that could compromise system security or stability. Although availability is not directly affected, the indirect consequences of executing malicious commands could lead to system instability or further compromise.

Organizations with multi-user systems, such as shared servers or development environments, are particularly vulnerable. The threat is heightened in environments where users have physical or remote local access, such as data centers, office environments, or virtualized setups. Given the high adoption of RHEL in European enterprises, especially in finance, government, and telecommunications, this vulnerability poses a significant risk to operational security and the trustworthiness of user environments.

Mitigation Recommendations

To mitigate CVE-2025-5962 effectively, organizations should:

1) Apply patches from Red Hat as soon as they become available, as this is the definitive fix for the improper access control issue.
2) Restrict local user access on systems running RHEL 10 to only trusted personnel, minimizing the risk of unprivileged users exploiting the vulnerability.
3) Implement strict user session isolation and monitor IPC calls related to the Lightspeed history service to detect anomalous access or manipulation attempts.
4) Educate users about the risks of executing commands from history without verification, emphasizing caution against unexpected or suspicious entries.
5) Employ enhanced logging and auditing of history access and modifications to enable rapid detection and forensic analysis of potential exploitation.
6) Consider deploying mandatory access control (MAC) policies, such as SELinux or AppArmor, to further restrict inter-process communication and access to user history files.
7) Use multi-factor authentication and privilege separation to reduce the impact of any successful social engineering attempts stemming from manipulated histories.

Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-06-10T06:06:36.103Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68d103c34b809de657261e16

Added to database: 9/22/2025, 8:07:31 AM

Last enriched: 9/30/2025, 12:37:14 AM

Last updated: 10/7/2025, 5:34:57 AM
