Vulnerability-Lookup

CVE-2025-5962 (GCVE-0-2025-5962)

Vulnerability from cvelistv5 – Published: 2025-09-22 08:04 – Updated: 2025-11-11 10:23

Title

Rhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulation

Summary

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-284 - Improper Access Control

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:16345	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16346	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-5962	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2371363	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

Unaffected: 0:0.3.1-6.el10_0 , < * (rpm)
cpe:/o:redhat:enterprise_linux:10.0

Red Hat

Red Hat Enterprise Linux 9

Unaffected: 0:0.3.1-6.el9_6 , < * (rpm)
cpe:/a:redhat:enterprise_linux:9::appstream

Credits

Red Hat would like to thank Jon Weiser (RedHat) and Oleg Sushchenko (RedHat) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5962",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-22T15:48:42.756097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-22T15:48:48.257Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "command-line-assistant",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.3.1-6.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "command-line-assistant",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.3.1-6.el9_6",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jon Weiser (RedHat) and Oleg Sushchenko (RedHat) for reporting this issue."
        }
      ],
      "datePublic": "2025-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication  calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T10:23:10.278Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:16345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16345"
        },
        {
          "name": "RHSA-2025:16346",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16346"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-5962"
        },
        {
          "name": "RHBZ#2371363",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371363"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-10T05:54:13.424000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-06-10T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Rhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria, which include ease of use and deployment, applicability to a widespread installation base, and system stability."
        }
      ],
      "x_redhatCweChain": "CWE-284: Improper Access Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-5962",
    "datePublished": "2025-09-22T08:04:39.673Z",
    "dateReserved": "2025-06-10T06:06:36.103Z",
    "dateUpdated": "2025-11-11T10:23:10.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-5962\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-09-22T08:15:34.533\",\"lastModified\":\"2025-09-22T21:22:33.590\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication  calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:16345\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:16346\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-5962\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2371363\",\"source\":\"secalert@redhat.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5962\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-22T15:48:42.756097Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-22T15:48:44.799Z\"}}], \"cna\": {\"title\": \"Rhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulation\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Jon Weiser (RedHat) and Oleg Sushchenko (RedHat) for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.3.1-6.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"command-line-assistant\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.3.1-6.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"command-line-assistant\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-10T05:54:13.424000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-06-10T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-06-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:16345\", \"name\": \"RHSA-2025:16345\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:16346\", \"name\": \"RHSA-2025:16346\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-5962\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2371363\", \"name\": \"RHBZ#2371363\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria, which include ease of use and deployment, applicability to a widespread installation base, and system stability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication  calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-11T10:23:10.278Z\"}, \"x_redhatCweChain\": \"CWE-284: Improper Access Control\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-5962\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-11T10:23:10.278Z\", \"dateReserved\": \"2025-06-10T06:06:36.103Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-09-22T08:04:39.673Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-5962

Vulnerability from fkie_nvd - Published: 2025-09-22 08:15 - Updated: 2025-09-22 21:22

Severity ?

7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:16345
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:16346
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-5962
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2371363

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication  calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering."
    }
  ],
  "id": "CVE-2025-5962",
  "lastModified": "2025-09-22T21:22:33.590",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.2,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-22T08:15:34.533",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:16345"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:16346"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-5962"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371363"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2025-2100

Vulnerability from csaf_certbund - Published: 2025-09-21 22:00 - Updated: 2025-09-21 22:00

Summary

Red Hat Enterprise Linux (Lightspeed): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2100 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2100.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2100 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2100"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2025-09-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:16345"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2025-09-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:16346"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux (Lightspeed): Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-09-21T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-22T11:06:06.885+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2100",
      "initial_release_date": "2025-09-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Lightspeed",
                "product": {
                  "name": "Red Hat Enterprise Linux Lightspeed",
                  "product_id": "T047109",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:lightspeed"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5962",
      "product_status": {
        "known_affected": [
          "T047109"
        ]
      },
      "release_date": "2025-09-21T22:00:00.000+00:00",
      "title": "CVE-2025-5962"
    }
  ]
}

GHSA-3C94-6M3R-2FRP

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30

Details

Severity ?

7.7 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-5962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-22T08:15:34Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication  calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.",
  "id": "GHSA-3c94-6m3r-2frp",
  "modified": "2025-09-22T21:30:20Z",
  "published": "2025-09-22T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5962"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:16345"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:16346"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-5962"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371363"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

RHSA-2025:16346

Vulnerability from csaf_redhat - Published: 2025-09-22 09:58 - Updated: 2025-11-21 19:26

Summary

Red Hat Security Advisory: command-line-assistant security update

Notes

Topic

An update for command-line-assistant is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The command-line-assistant package provides a simple wrapper to interact with RAG. Security Fix: * command-line-assistant: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation (CVE-2025-5962) For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for command-line-assistant is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The command-line-assistant package provides a simple wrapper to interact with RAG.\n\nSecurity Fix:\n\n* command-line-assistant: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation (CVE-2025-5962)\n\nFor more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:16346",
        "url": "https://access.redhat.com/errata/RHSA-2025:16346"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16346.json"
      }
    ],
    "title": "Red Hat Security Advisory: command-line-assistant security update",
    "tracking": {
      "current_release_date": "2025-11-21T19:26:42+00:00",
      "generator": {
        "date": "2025-11-21T19:26:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2025:16346",
      "initial_release_date": "2025-09-22T09:58:43+00:00",
      "revision_history": [
        {
          "date": "2025-09-22T09:58:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-09-22T09:58:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T19:26:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.6.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "command-line-assistant-0:0.3.1-6.el9_6.src",
                "product": {
                  "name": "command-line-assistant-0:0.3.1-6.el9_6.src",
                  "product_id": "command-line-assistant-0:0.3.1-6.el9_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/command-line-assistant@0.3.1-6.el9_6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "command-line-assistant-0:0.3.1-6.el9_6.noarch",
                "product": {
                  "name": "command-line-assistant-0:0.3.1-6.el9_6.noarch",
                  "product_id": "command-line-assistant-0:0.3.1-6.el9_6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/command-line-assistant@0.3.1-6.el9_6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch",
                "product": {
                  "name": "command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch",
                  "product_id": "command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/command-line-assistant-selinux@0.3.1-6.el9_6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "command-line-assistant-0:0.3.1-6.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.noarch"
        },
        "product_reference": "command-line-assistant-0:0.3.1-6.el9_6.noarch",
        "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "command-line-assistant-0:0.3.1-6.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.src"
        },
        "product_reference": "command-line-assistant-0:0.3.1-6.el9_6.src",
        "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch"
        },
        "product_reference": "command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch",
        "relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Oleg Sushchenko",
            "Jon Weiser"
          ],
          "organization": "RedHat"
        }
      ],
      "cve": "CVE-2025-5962",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-06-10T05:54:13.424000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2371363"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication  calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rhel-lightspeed: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team assesses the severity of this vulnerability as Moderate, despite a CVSS v3.1 base score of 7.7. The issue is limited to local exploitation and does not require elevated privileges, making it accessible to any standard user on the system. Successful exploitation allows unauthorized access and manipulation of another user\u0027s chat history, potentially leading to exposure of sensitive data or injection of misleading commands. However, the impact is constrained to multi-user environments and does not affect remote systems or cause service disruption.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.noarch",
          "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.src",
          "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5962"
        },
        {
          "category": "external",
          "summary": "RHBZ#2371363",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371363"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-5962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5962"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5962",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5962"
        }
      ],
      "release_date": "2025-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-22T09:58:43+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.noarch",
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.src",
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:16346"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria, which include ease of use and deployment, applicability to a widespread installation base, and system stability.",
          "product_ids": [
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.noarch",
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.src",
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.noarch",
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-0:0.3.1-6.el9_6.src",
            "AppStream-9.6.0.Z.MAIN.EUS:command-line-assistant-selinux-0:0.3.1-6.el9_6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rhel-lightspeed: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation"
    }
  ]
}

RHSA-2025:16345

Vulnerability from csaf_redhat - Published: 2025-09-22 09:25 - Updated: 2025-11-21 19:26

Summary

Red Hat Security Advisory: command-line-assistant security update

Notes

Topic

An update for command-line-assistant is now available for Red Hat Enterprise Linux 10.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for command-line-assistant is now available for Red Hat Enterprise Linux 10.0.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The command-line-assistant package provides a simple wrapper to interact with RAG.\n\nSecurity Fix:\n\n* command-line-assistant: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation (CVE-2025-5962)\n\nFor more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:16345",
        "url": "https://access.redhat.com/errata/RHSA-2025:16345"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16345.json"
      }
    ],
    "title": "Red Hat Security Advisory: command-line-assistant security update",
    "tracking": {
      "current_release_date": "2025-11-21T19:26:41+00:00",
      "generator": {
        "date": "2025-11-21T19:26:41+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2025:16345",
      "initial_release_date": "2025-09-22T09:25:28+00:00",
      "revision_history": [
        {
          "date": "2025-09-22T09:25:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-09-22T09:25:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T19:26:41+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                  "product_id": "AppStream-10.0.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "command-line-assistant-0:0.3.1-6.el10_0.src",
                "product": {
                  "name": "command-line-assistant-0:0.3.1-6.el10_0.src",
                  "product_id": "command-line-assistant-0:0.3.1-6.el10_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/command-line-assistant@0.3.1-6.el10_0?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "command-line-assistant-0:0.3.1-6.el10_0.noarch",
                "product": {
                  "name": "command-line-assistant-0:0.3.1-6.el10_0.noarch",
                  "product_id": "command-line-assistant-0:0.3.1-6.el10_0.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/command-line-assistant@0.3.1-6.el10_0?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch",
                "product": {
                  "name": "command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch",
                  "product_id": "command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/command-line-assistant-selinux@0.3.1-6.el10_0?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "command-line-assistant-0:0.3.1-6.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.noarch"
        },
        "product_reference": "command-line-assistant-0:0.3.1-6.el10_0.noarch",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "command-line-assistant-0:0.3.1-6.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.src"
        },
        "product_reference": "command-line-assistant-0:0.3.1-6.el10_0.src",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch"
        },
        "product_reference": "command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch",
        "relates_to_product_reference": "AppStream-10.0.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Oleg Sushchenko",
            "Jon Weiser"
          ],
          "organization": "RedHat"
        }
      ],
      "cve": "CVE-2025-5962",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-06-10T05:54:13.424000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2371363"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication  calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rhel-lightspeed: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team assesses the severity of this vulnerability as Moderate, despite a CVSS v3.1 base score of 7.7. The issue is limited to local exploitation and does not require elevated privileges, making it accessible to any standard user on the system. Successful exploitation allows unauthorized access and manipulation of another user\u0027s chat history, potentially leading to exposure of sensitive data or injection of misleading commands. However, the impact is constrained to multi-user environments and does not affect remote systems or cause service disruption.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.noarch",
          "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.src",
          "AppStream-10.0.Z:command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5962"
        },
        {
          "category": "external",
          "summary": "RHBZ#2371363",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371363"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-5962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5962"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5962",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5962"
        }
      ],
      "release_date": "2025-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-22T09:25:28+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.noarch",
            "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.src",
            "AppStream-10.0.Z:command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:16345"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria, which include ease of use and deployment, applicability to a widespread installation base, and system stability.",
          "product_ids": [
            "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.noarch",
            "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.src",
            "AppStream-10.0.Z:command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.noarch",
            "AppStream-10.0.Z:command-line-assistant-0:0.3.1-6.el10_0.src",
            "AppStream-10.0.Z:command-line-assistant-selinux-0:0.3.1-6.el10_0.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rhel-lightspeed: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-5962 (GCVE-0-2025-5962)

FKIE_CVE-2025-5962

WID-SEC-W-2025-2100

GHSA-3C94-6M3R-2FRP

RHSA-2025:16346

RHSA-2025:16345

Tags

Sightings

Nomenclature