CVE-2025-9810
BaseFortify

Publication date: 2025-09-01

Last updated on: 2026-04-22

Assigner: CyberArk Labs

Description
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
Meta Information
Published: 2025-09-01
Last Modified: 2026-04-22
Generated: 2026-06-16
AI Q&A: 2025-09-01
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: antirez; Product: linenoise; Version / Range: *
CWE
CWE-367: The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Detection Guidance

This vulnerability was detected using CodeQL's TOCTOU race condition detection rules during a code scan. To detect it on your system, you can perform static code analysis with CodeQL focusing on TOCTOU race conditions in the linenoiseHistorySave function or similar code paths. There are no specific network detection commands since this is a local file overwrite vulnerability. [1]

Executive Summary

CVE-2025-9810 is a Time-Of-Check to Time-Of-Use (TOCTOU) race condition vulnerability in the linenoiseHistorySave() function of the linenoise library. It occurs because the function opens a history file with fopen(filename, "w") and then calls chmod(filename, ...) separately. Between these two operations, an attacker can exploit a symlink race by changing the symlink target, allowing them to overwrite arbitrary files and change their permissions improperly. This means a local attacker can overwrite files and alter permissions with the privileges of the process running linenoise, potentially affecting files outside the intended history file. [1]

Impact Analysis

This vulnerability can allow a local attacker to overwrite arbitrary files and change their permissions on the system with the privileges of the linenoise process. This can lead to unauthorized modification of files, potential privilege escalation, and compromise of system integrity. It may also allow attackers to bypass confidentiality protections on history files or other sensitive files by changing permissions or content. [1]

Mitigation Strategies

Immediate mitigation involves updating the linenoise library to a version where the vulnerability is fixed. The fix replaces the separate chmod() call with fchmod() on the already opened file descriptor, eliminating the race condition. Also, ensure that downstream projects using linenoise, such as redis-cli, are updated accordingly to incorporate the fix. [1]
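
The change described above, as an added example (not the linenoise source): save_history_racy shows the fopen-then-chmod pattern and save_history_fd the fchmod-on-descriptor form. The function names, the sample lines, the file name and the restrictive umask() around fopen() are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Pattern the advisory describes: the path is resolved twice, so it can be
 * re-pointed (for example through a symlink) between the two calls. */
int save_history_racy(const char *path, const char **lines, int n) {
    FILE *fp = fopen(path, "w");           /* lookup 1: resolves path */
    if (fp == NULL) return -1;
    chmod(path, S_IRUSR | S_IWUSR);        /* lookup 2: resolves path again */
    for (int i = 0; i < n; i++) fprintf(fp, "%s\n", lines[i]);
    return fclose(fp) == 0 ? 0 : -1;
}

/* Hardened form: the mode is set through the descriptor returned by the
 * open, so it lands on the inode that was actually opened. */
int save_history_fd(const char *path, const char **lines, int n) {
    /* Assumption of this example: restrictive umask so a newly created
     * file is never group/world accessible, even before fchmod(). */
    mode_t old = umask(S_IXUSR | S_IRWXG | S_IRWXO);
    FILE *fp = fopen(path, "w");
    umask(old);
    if (fp == NULL) return -1;
    if (fchmod(fileno(fp), S_IRUSR | S_IWUSR) != 0) { fclose(fp); return -1; }
    for (int i = 0; i < n; i++) {
        if (fprintf(fp, "%s\n", lines[i]) < 0) { fclose(fp); return -1; }
    }
    return fclose(fp) == 0 ? 0 : -1;
}

/* Permission bits of a path, or -1 if it cannot be stat'ed. */
int mode_of(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

int main(void) {
    const char *lines[] = { "ls -l", "whoami" };  /* constructed sample history */
    const char *path = "history_example.txt";     /* hypothetical file name */
    if (save_history_fd(path, lines, 2) != 0) { perror("save"); return 1; }
    printf("%s mode %o\n", path, (unsigned)mode_of(path));
    return 0;
}
```

fchmod() only binds the permission change to the opened file; fopen("w") still follows a symlink that is already in place at open time. Where the history directory may be writable by other users, opening with open(2) and O_NOFOLLOW and then wrapping the descriptor with fdopen() covers that case as well.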
