Severity: 5.3 MEDIUM
EPSS: 0.1% (top 83.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 26; Latest update Jan 26

Description

For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages (9 packages)

Debian: screen < 4.9.1-3+1
CVEListV5: suse/suse_linux_enterprise_micro_5.3?4.6.2-150000.5.8.1
CVEListV5: suse/suse_linux_enterprise_micro_5.4?4.6.2-150000.5.8.1
CVEListV5: suse/suse_linux_enterprise_micro_5.5?4.6.2-150000.5.8.1

🔴 Vulnerability Details (4)

OSV: screen vulnerabilities (2026-01-26)
GHSA: GHSA-rh76-vmrr-w867: For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session (2025-05-26)
OSV: CVE-2025-46802: For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session (2025-05-26)
CVEList: Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen (2025-05-26)

📋 Vendor Advisories (4)

Ubuntu: GNU Screen vulnerabilities (2026-01-26)
Red Hat: screen: TTY Hijacking while Attaching to a Multiuser Session (2025-05-13)
Debian: CVE-2025-46802: screen - For a short time they PTY is set to mode 666, allowing any user on the system to... (2025)
Microsoft: drm/amd/display: added NULL check at start of dc_validate_stream (2024-09-10)