PT-2025-35324 · Unknown+2 · Tracing-Subscriber+2
Zefr0X · Published 2025-01-01 · Updated 2026-04-15 · CVE-2025-58160
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
tracing-subscriber versions prior to 0.3.20
Description
tracing-subscriber was susceptible to ANSI escape sequence injection. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing an attacker to manipulate the terminal title bar, clear the screen, or otherwise modify the terminal display, and so potentially mislead users. Separately, security issues have been found in terminal emulators that enabled an attacker to exploit the emulator itself by delivering ANSI escape sequences through logs.
Recommendations
Update to version 0.3.20 or later to resolve this issue.
As a temporary workaround, avoid printing logs to terminal emulators without escaping ANSI control sequences.
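The workaround above, as an added example (not code from tracing-subscriber or from this advisory): a std-only Rust wrapper that makes control characters visible before untrusted text reaches a terminal. The names `Escaped` and `sanitize` and the sample input are assumptions constructed for illustration.

```rust
use std::fmt::{self, Write};

/// Hypothetical wrapper (not part of tracing-subscriber): renders untrusted
/// text with every control character shown as a visible escape, never raw.
pub struct Escaped<'a>(pub &'a str);

impl fmt::Display for Escaped<'_> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        for c in self.0.chars() {
            // char::is_control() covers C0 (U+0000-U+001F, including ESC),
            // DEL (U+007F) and C1 (U+0080-U+009F, including 8-bit CSI U+009B).
            // Backslash is escaped too, so the output stays unambiguous:
            // a literal "\u{1b}" typed by a user becomes "\\u{1b}".
            if c.is_control() || c == '\\' {
                // escape_default yields \n, \t, \r, \\ or \u{1b}-style text.
                write!(f, "{}", c.escape_default())?;
            } else {
                // Printable text, including non-ASCII, passes through as-is.
                f.write_char(c)?;
            }
        }
        Ok(())
    }
}

/// Convenience helper returning the escaped text as an owned String.
pub fn sanitize(input: &str) -> String {
    Escaped(input).to_string()
}

fn main() {
    // Constructed sample: a "username" field carrying a title-change
    // sequence and a clear-screen sequence, as described in the advisory.
    let untrusted = "alice\x1b]0;spoofed title\x07\x1b[2J";
    // The terminal receives only printable characters for this field.
    println!("login failed user={}", Escaped(untrusted));
}
```

Because `Escaped` implements `Display`, it can be passed wherever a log macro or formatter accepts a displayable value, so the escaping happens at the point where untrusted data enters the log line.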
Affected Products
Debian
Suse
Tracing-Subscriber