Insecure Temporary File Vulnerability in openSUSE sdbootutil
CVE-2026-25701

7HIGH

Key Information:

Vendor: Opensuse
Status: Sdbootutil
Vendor: CVE Published:; 25 February 2026

What is CVE-2026-25701?

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to create directories that can lead to unauthorized access to sensitive information in /var/lib/pcrlock.d. This flaw also enables users to manipulate backup data in /tmp/pcrlock.d.bak, potentially compromising the integrity of restored data. Additionally, it permits overwriting protected system files through symlinks in the directory tree, further endangering system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

sdbootutil ? < 5880246d3a02642dc68f5c8cb474bf63cdb56bca

References

https://bugzilla.suse.com/show_bug.cgi?id=1258241

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2026
Vulnerability Reserved
Feb 5, 2026

Credit

Matthias Gerstner of SUSE

JSON

Opensuse