CVE-2025-5962

Sažetak

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.

Reference

https://access.redhat.com/errata/RHSA-2025:16345
https://access.redhat.com/errata/RHSA-2025:16346
https://access.redhat.com/security/cve/CVE-2025-5962
https://bugzilla.redhat.com/show_bug.cgi?id=2371363

CVSS

Base:	7.7
Impact:	5.2
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

22-09-2025 - 21:22

Objavljeno

22-09-2025 - 08:15