How severe is CVE-2025-23395?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2025-23395?

This is classified as CWE-271, which is a common weakness in software security.

CVE-2025-23395 - HIGH Severity | CVSS 7.8

Vulnerability Description

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges

Related Vulnerabilities

CVE-2022-3569

HIGH

CVSS:7.8(High)

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively c...

CWE-2712022

CVE-2024-0985

HIGH

CVSS:8.0(High)

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions ...

CWE-2712024

CVE-2024-35179

MEDIUM

CVSS:6.8(Medium)

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This is...

CWE-2712024

CVE-2023-22648

HIGH

CVSS:8.8(High)

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to ...

CWE-2712023

CVE-2023-22648

HIGH

CVSS:8.8(High)

CWE-2712023

CVE-2024-0985

HIGH

CVSS:8.0(High)

CWE-2712024