CVE-2025-5962 HIGH

CVE-2025-5962: Rhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulation

Weakness: CWE-284
Published: September 22, 2025
Last update: November 11, 2025

CVSS base score

7.7/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.

Key dates

02 Disclosure timeline

September 22, 2025: CVE published
November 11, 2025: Record updated