CVE-2025-23395
Public on 2025-05-13
Modified on 2025-05-13
Description
Local Root Exploit via logfile_reopen() in the screen package
Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc (v.5.0.0)
Info: https://www.openwall.com/lists/oss-security/2025/05/12/1
Patch: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc (v.5.0.0)
Info: https://www.openwall.com/lists/oss-security/2025/05/12/1
Patch: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | screen | Not Affected | ||
| Amazon Linux 2 - Core | screen | Not Affected | ||
| Amazon Linux 2023 | screen | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |