CVE-2025-9810
BaseFortify

Publication date: 2025-09-01

Last updated on: 2026-04-22

Assigner: CyberArk Labs

Description
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
Meta Information
Published: 2025-09-01
Last Modified: 2026-04-22
Generated: 2026-05-07
AI Q&A: 2025-09-01
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: antirez
Product: linenoise
Version / Range: *
CWE ID: CWE-367
Description: The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability was detected using CodeQL's TOCTOU race condition detection rules during a code scan. To detect it on your system, you can perform static code analysis with CodeQL focusing on TOCTOU race conditions in the linenoiseHistorySave function or similar code paths. There are no specific network detection commands since this is a local file overwrite vulnerability. [1]


Can you explain this vulnerability to me?

CVE-2025-9810 is a Time-Of-Check to Time-Of-Use (TOCTOU) race condition vulnerability in the linenoiseHistorySave() function of the linenoise library. It occurs because the function opens a history file with fopen(filename, "w") and then calls chmod(filename, ...) separately. Between these two operations, an attacker can exploit a symlink race by changing the symlink target, allowing them to overwrite arbitrary files and change their permissions improperly. This means a local attacker can overwrite files and alter permissions with the privileges of the process running linenoise, potentially affecting files outside the intended history file. [1]


How can this vulnerability impact me?

This vulnerability can allow a local attacker to overwrite arbitrary files and change their permissions on the system with the privileges of the linenoise process. This can lead to unauthorized modification of files, potential privilege escalation, and compromise of system integrity. It may also allow attackers to bypass confidentiality protections on history files or other sensitive files by changing permissions or content. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the linenoise library to a version where the vulnerability is fixed. The fix replaces the separate chmod() call with fchmod() on the already opened file descriptor, eliminating the race condition. Also, ensure that downstream projects using linenoise, such as redis-cli, are updated accordingly to incorporate the fix. [1]
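
The difference between chmod() on the path and fchmod() on the open descriptor, as an added example that is not linenoise's own code. The function names, the temporary-directory paths and the 0600 mode are assumptions, and the `window` callback stands in for the race window so the result is deterministic.

```c
/* Added illustration, not linenoise source. Names, paths and mode are assumed. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

static char hist[256], victim[256];   /* constructed paths inside a temp dir */

/* Simulates the path changing after open: it becomes a symlink to another file. */
static void swap_for_symlink(void) {
    unlink(hist);
    if (symlink(victim, hist) != 0) perror("symlink");
}

/* by_fd=0: chmod(path) pattern from the description. by_fd=1: fchmod(fd) fix.
 * `window` runs between the open and the permission change. */
int save_history(const char *path, const char *line, int by_fd, void (*window)(void)) {
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    if (window) window();
    int rc = by_fd ? fchmod(fileno(fp), S_IRUSR | S_IWUSR)  /* bound to the opened inode */
                   : chmod(path, S_IRUSR | S_IWUSR);        /* resolves the path again */
    if (rc == 0 && fprintf(fp, "%s\n", line) < 0) rc = -1;
    if (fclose(fp) != 0) rc = -1;
    return rc;
}

/* Returns the unrelated file's permission bits after one save, or -1 on failure. */
int victim_mode_after_save(int by_fd) {
    char dir[] = "/tmp/toctou-demo-XXXXXX";
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(hist, sizeof hist, "%s/history", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    FILE *v = fopen(victim, "w");
    if (v == NULL) return -1;
    fclose(v);
    chmod(victim, 0644);              /* known starting mode for the comparison */
    int rc = save_history(hist, "ls -l", by_fd, swap_for_symlink);
    int mode = (rc == 0 && stat(victim, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    unlink(hist); unlink(victim); rmdir(dir);
    return mode;
}

int main(void) {
    printf("chmod(path): other file mode %o\n", victim_mode_after_save(0));
    printf("fchmod(fd):  other file mode %o\n", victim_mode_after_save(1));
    return 0;
}
```
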

