CVE-2025-46802: For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

medium5.3CVSS 4.0

AVLACLATPPRLUIPVCHVIHVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
debian	screen	< screen 4.9.1-3 (forky)	screen 4.9.1-3 (forky)
gnu	screen	>= 0 < 4.9.1-3	4.9.1-3
gnu	screen	>= 0 < 4.9.1-3	4.9.1-3
gnu	screen	>= 0 < 4.9.0-1ubuntu0.1	4.9.0-1ubuntu0.1
gnu	screen	>= 0 < 4.9.1-1ubuntu1	4.9.1-1ubuntu1
msrc	azl3_kernel_6.6.47.1-1_on_azure_linux_3.0	—	—
msrc	azl3_kernel_6.6.51.1-5_on_azure_linux_3.0	—	—
msrc	azure_linux_3.0_arm	—	—
msrc	azure_linux_3.0_x64	—	—
msrc	cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0	—	—
suse	suse_linux_enterprise_desktop_15_sp6	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1
suse	suse_linux_enterprise_high_performance_computing_15_sp6	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1
suse	suse_linux_enterprise_micro_5.3	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1
suse	suse_linux_enterprise_micro_5.4	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1
suse	suse_linux_enterprise_micro_5.5	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1
suse	suse_linux_enterprise_module_for_basesystem_15_sp6	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1
suse	suse_linux_enterprise_server_15_sp6	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1
suse	suse_linux_enterprise_server_for_sap_applications_15_sp6	>= ? < 4.6.2-150000.5.8.1	4.6.2-150000.5.8.1

CVSS provenance

nvdv4.05.3MEDIUMCVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

osv6.5MEDIUM