Access Control Flaw in Lightspeed History Service by Red Hat
CVE-2025-5962

7.7HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
Vendor
CVE Published:
22 September 2025

What is CVE-2025-5962?

A significant flaw exists within the Lightspeed history service, where inadequate access controls permit local, unprivileged users to access and manipulate another user's chat history on the same system. By exploiting inter-process communication calls to the history service, attackers can view, delete, or inject arbitrary history entries, including harmful commands. This capability not only jeopardizes user privacy but also opens the door for social engineering attacks, potentially leading to unauthorized command execution and privilege misuse.

Affected Version(s)

Red Hat Enterprise Linux 10 0:0.3.1-6.el10_0

Red Hat Enterprise Linux 9 0:0.3.1-6.el9_6

References

https://access.redhat.com/errata/RHSA-2025:16345
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:16346
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5962
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jon Weiser (RedHat) and Oleg Sushchenko (RedHat) for reporting this issue.
.
CVE-2025-5962 : Access Control Flaw in Lightspeed History Service by Red Hat