CVE-2025-23395 – Screen Root Privilege Escalation Vulnerability

May 26, 2025

CVE ID : CVE-2025-23395

Published : May 26, 2025, 4:15 p.m. | 42 minutes ago

Description : Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user’s (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46802 – PuTTY Screen Session Privilege Escalation Vulnerability

Next Article CVE-2025-23394 – openSUSE cyrus-imapd Symbolic Link Escalation to Root

Highlights

CVE-2025-40651 – Real Easy Store Reflected Cross-Site Scripting (XSS)

May 28, 2025

CVE ID : CVE-2025-40651

Published : May 28, 2025, 2:15 p.m. | 2 hours, 45 minutes ago

Description : Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

CVE-2025-23395 – Screen Root Privilege Escalation Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

ES6: Set Vs Array- What and When?

Automating Vultr Cloud Infrastructure with Terraform

Microsoft celebrates 50th anniversary with a new Xbox Dynamic Background and more

Do I Have Windows 11? Easy Ways to Check Version

CVE-2025-40651 – Real Easy Store Reflected Cross-Site Scripting (XSS)

Playwright Report Portal Integration Guide

CVE-2025-4308 – PHPGurukul Art Gallery Management System SQL Injection Vulnerability

CVE-2025-30173 – Aspect Server-Side Request Forgery (SSRF) Vulnerability

CVE-2025-23395 – Screen Root Privilege Escalation Vulnerability

Related Posts