PT-2025-18214 · Finit+1

Troglobit · Published 2025-03-18 · Updated 2025-06-23 · CVE-2025-29906

CVSS v3.1: 8.6 High

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Finit versions 3.0-rc1 through 4.11

Description

Finit is a fast init for Linux systems. The issue concerns the implementation of getty for the tty configuration directive, which can bypass /bin/login, allowing a user to log in as any user without authentication. This can be exploited by manipulating the login prompt and requires access to the console. The problem has been patched in version 4.11.

Recommendations

To resolve the issue, update to version 4.11 or later, as this version includes the patch for the authentication bypass issue. As a temporary workaround, consider restricting access to the console to minimize the risk of exploitation.

Exploit

Fix

LPE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-05115
CVE-2025-29906
GHSA-563G-P98J-MC9Q

Affected Products

Debian
Finit