CVE-2025-54389 — Improper Output Neutralization for Logs in Aide

CWE-117 — Improper Output Neutralization for Logs9 documents8 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

0.0%

top 96.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aide Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment

Timeline

PublishedAug 14

Latest updateAug 19

Description

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally the output of extended attribute key names and symbolic links targets are also not pr…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDadvanced_intrusion_detection_environment_project/advanced_intrusion_detection_environment< 0.19.2

▶CVEListV5aide/aide< 0.19.2

▶Debianaide/aide< 0.17.3-4+deb11u3+3

▶Ubuntuaide/aide< 0.17.4-1ubuntu0.2+5

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

AIDE improper output neutralization vulnerability↗2025-08-14

▶

OSV

CVE-2025-54389: AIDE is an advanced intrusion detection environment↗2025-08-14

▶

OSV

aide vulnerabilities↗2025-08-14

▶

📋Vendor Advisories

Red Hat

aide: improper output neutralization enables bypassing↗2025-08-14

▶

Ubuntu

AIDE vulnerabilities↗2025-08-14

▶

Microsoft

AIDE improper output neutralization vulnerability↗2025-08-12

▶

Debian

CVE-2025-54389: aide - AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, th...↗2025

▶

💬Community

Bugzilla

CVE-2025-54389 aide: improper output neutralization enables bypassing [fedora-42]↗2025-08-19

▶