CVE-2025-5962
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-09-22

Assigner: Red Hat, Inc.

Description
A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2025-09-22
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-5962
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
redhat command-line-assistant *
redhat lightspeed *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-5962 is a security flaw in the Lightspeed history service where insufficient access controls allow a local, unprivileged user to access and manipulate another user's chat history on the same system. By exploiting inter-process communication calls, an attacker can view, delete, or inject arbitrary history entries, including malicious commands. This can deceive users into executing harmful actions, potentially leading to privilege misuse or unauthorized command execution through social engineering. [3]

Impact Analysis

This vulnerability can impact you by allowing a local attacker on the same system to manipulate your chat history, including injecting malicious commands that you might trust and execute. This can lead to unauthorized command execution, privilege misuse, and potentially harmful actions on your system without requiring elevated privileges or authentication. [3]

Mitigation Strategies

To mitigate this vulnerability, you should apply the security updates provided by Red Hat for the command-line-assistant package as detailed in advisories RHSA-2025:16345 and RHSA-2025:16346. Ensure all previously released errata are installed before applying these updates. Following Red Hat's official update procedures and documentation is recommended to properly address the improper access control flaw in the Lightspeed History Management component. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5962. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart