CVE-2025-54389
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advanced_intrusion_detection_environment_project | advanced_intrusion_detection_environment | up to 0.19.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in AIDE prior to version 0.19.2 involves improper output neutralization. An attacker can craft malicious filenames containing terminal escape sequences that can hide the addition or removal of files from AIDE's report or tamper with the log output. This allows a local user to potentially bypass AIDE's detection of malicious files. Additionally, extended attribute key names and symbolic link targets are also not properly neutralized, contributing to the issue.
How can this vulnerability impact me?
The vulnerability can allow a local attacker to evade detection by AIDE, an intrusion detection system, by hiding changes to files or tampering with log outputs. This means malicious files could be added or removed without being detected, potentially compromising system integrity and security monitoring.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper output neutralization in AIDE prior to version 0.19.2, allowing an attacker to craft malicious filenames with terminal escape sequences to tamper with log outputs. Detection would involve inspecting AIDE reports and logs for suspicious escape sequences or anomalies in file addition/removal entries. However, no specific detection commands are provided in the available information.
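One way to do the inspection described above is to scan a saved report for raw control bytes, which a plain-text report should never contain. This is an added example, not code from AIDE or from this page; it assumes the report was written to a regular file, and the function name `scan_report` and the sample lines are constructed for illustration.

```python
import re
import sys

# CSI sequence: ESC [ parameter bytes, intermediate bytes, final byte.
CSI = re.compile(rb"\x1b\[[0-?]*[ -/]*[@-~]")
# Any other raw C0 control byte (tab and newline excluded) or DEL.
CONTROL = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")

# Constructed sample report; line 3 carries a CSI sequence and a carriage return.
SAMPLE = (
    b"Added entries:\n"
    b"f++++++++++++++++: /etc/example.conf\n"
    b"f++++++++++++++++: /tmp/demo\x1b[0m\rfile\n"
)


def visible(line: bytes) -> str:
    """Render a line with every non-printable character shown as \\xNN."""
    text = line.decode("utf-8", "backslashreplace")
    return "".join(
        ch if ch.isprintable() or ch == "\t" else f"\\x{ord(ch):02x}"
        for ch in text
    )


def scan_report(data: bytes):
    """Return (line_number, kinds, safe_rendering) for each suspicious line."""
    findings = []
    for number, line in enumerate(data.split(b"\n"), 1):
        kinds = set()
        if CSI.search(line):
            kinds.add("csi-escape")
        # Whatever control bytes remain once CSI sequences are removed.
        if CONTROL.search(CSI.sub(b"", line)):
            kinds.add("control-char")
        if kinds:
            findings.append((number, sorted(kinds), visible(line)))
    return findings


if __name__ == "__main__":
    # Usage: python scan_report.py /path/to/saved-report (path is an assumption)
    with open(sys.argv[1], "rb") as handle:
        results = scan_report(handle.read())
    for number, kinds, text in results:
        print(f"line {number}: {', '.join(kinds)}: {text}")
    sys.exit(1 if results else 0)
```

Review flagged lines in their escaped form rather than printing the raw report to a terminal, since the terminal would interpret the sequences.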
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade AIDE to version 0.19.2 or later where the issue is patched. As a workaround, configure AIDE to write report output to a regular file, redirect stdout to a regular file, or redirect log output written to stderr to a regular file to avoid terminal escape sequence exploitation.