CVE-2025-46802
📋 TL;DR
This vulnerability in screen allows any local user to connect to another user's screen session during a brief window when the PTY device has overly permissive permissions (mode 666). This affects systems where screen is installed and multiple users have shell access.
💻 Affected Systems
- screen terminal multiplexer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could hijack active screen sessions to execute commands as other users, potentially escalating privileges or accessing sensitive data.
Likely Case
Local users can spy on or interfere with other users' screen sessions, leading to information disclosure or session disruption.
If Mitigated
With proper user separation and monitoring, impact is limited to potential session snooping between non-privileged users.
🎯 Exploit Status
Exploitation requires local access and timing to catch the brief 666 permission window.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisories for specific patched versions
Vendor Advisory: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46802
Restart Required: No
Instructions:
1. Check your distribution's security advisories.
2. Update the screen package via your package manager.
3. No restart is needed, but existing screen sessions should be restarted so they run the patched binary.
🔧 Temporary Workarounds
Restrict screen usage
Linux: Limit screen usage to trusted users, or disable it where it is not needed
chmod 750 /usr/bin/screen
setfacl -m u:trusteduser:rx /usr/bin/screen
Monitor PTY permissions
Linux: Use monitoring tools to detect PTY devices with 666 permissions
find /dev/pts -perm 666 -ls
🧯 If You Can't Patch
- Implement strict user separation and monitor for unauthorized screen session access
- Use alternative terminal multiplexers like tmux that don't have this vulnerability
🔍 How to Verify
Check if Vulnerable:
Check the screen version and test whether PTY devices briefly appear with mode 666 during session creation
Check Version:
screen --version
Verify Fix Applied:
Verify that the screen package version is updated and that PTY permissions remain restricted during session creation
📡 Detection & Monitoring
Log Indicators:
- Multiple users accessing same PTY device
- Failed screen session connections from unexpected users
Network Indicators:
- Not applicable (local vulnerability only)
SIEM Query:
search ('screen' AND 'permission denied') OR ('PTY' AND user!=expected_user)
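The "Monitor PTY permissions", "How to Verify" and "Detection & Monitoring" sections above all come down to the same check: is any entry under /dev/pts world-writable, and does that state appear while a screen session is being created. A single `find` misses a short window, so the following added example (not part of this advisory or of the screen project) polls the directory repeatedly and logs every hit. The function names `audit_pts`, `count_world_writable` and `watch_pts`, the `PTS_WATCH_RUN` environment variable and the `/dev/pts` default are assumptions chosen for this example. It matches any mode with the other-write bit set (`-perm -002`), which is broader than an exact 666 match and also catches variants such as 622 or 777, and it skips /dev/pts/ptmx, whose mode is not a session PTY.

```shell
#!/bin/sh
# Added example: poll a pts directory for world-writable pseudo-terminal
# devices so that a short permission window can be caught and logged.
# Names here (audit_pts, count_world_writable, watch_pts, PTS_WATCH_RUN)
# are assumptions for this example, not identifiers from the advisory.

# Print one "ls -ld" line per world-writable entry directly under $1.
# -perm -002 matches any mode with the other-write bit set, so it covers
# 666 as well as 622 or 777. /dev/pts/ptmx is excluded because it is the
# multiplexer node, not a session PTY, and would be a constant false hit.
audit_pts() {
    dir=${1:-/dev/pts}
    find "$dir" -mindepth 1 -maxdepth 1 ! -name ptmx -perm -002 \
        -exec ls -ld {} \; 2>/dev/null
}

# Number of world-writable entries under $1; a simple yes/no signal.
count_world_writable() {
    audit_pts "$1" | wc -l | tr -d ' '
}

# Sample $1 every $2 seconds, $3 times, and log each hit with a UTC
# timestamp. Run this while a user starts a screen session to verify
# whether the PTY ever becomes world-writable.
watch_pts() {
    dir=${1:-/dev/pts}
    interval=${2:-1}
    samples=${3:-60}
    i=0
    while [ "$i" -lt "$samples" ]; do
        hits=$(audit_pts "$dir")
        if [ -n "$hits" ]; then
            printf '%s WARNING world-writable pty under %s:\n%s\n' \
                "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$dir" "$hits"
        fi
        i=$((i + 1))
        sleep "$interval"
    done
}

# Stand-alone use (the guard keeps the loop from starting when the file is
# sourced by a test):  PTS_WATCH_RUN=1 sh pts_watch.sh /dev/pts 1 600
if [ -n "${PTS_WATCH_RUN:-}" ]; then
    watch_pts "$@"
fi
```

Feed the WARNING lines into whatever log shipper the host already runs; they carry the device path, mode and owner, which is what the "Multiple users accessing same PTY device" indicator needs. A sub-second interval narrows the gap further but adds load, so pick the interval to match how long the window is on the affected version.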