Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges

Published: May 26, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-23395
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-271

Affected Software
References

No affected software listed.

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23395
https://www.openwall.com/lists/oss-security/2025/05/12/1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo