Detections
Analytics

CVE-2025-5962

high

Description

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.

References

https://access.redhat.com/errata/RHSA-2025:16346

https://access.redhat.com/errata/RHSA-2025:16345

https://bugzilla.redhat.com/show_bug.cgi?id=2371363

https://access.redhat.com/security/cve/CVE-2025-5962

Details

Source: Mitre, NVD

Published: 2025-09-22

Updated: 2025-09-22

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00014