CVE-2025-46803 MEDIUM

CVE-2025-46803: Screen creates by default world-writable PTYs

Weakness CWE-276
Published May 26, 2025
Last update May 27, 2025

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.

Key dates

02Disclosure timeline

May 26, 2025 CVE published
May 27, 2025 Record updated