CVE-2025-9810

Published September 1st, 2025

View on NVD ↗

CVSS v3

6.8

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.

antirez/linenoise

A small self-contained alternative to readline and libedit

GitHub

4.3K