CVE-2025-9810

Name of the Vulnerable Software and Affected Versions linenoise (affected versions not specified)

Description A time-of-check to time-of-use (TOCTOU) issue exists in the linenoiseHistorySave function within the linenoise library. This flaw allows local attackers to overwrite arbitrary files and modify permissions by exploiting a symlink race condition. The race occurs between the fopen("w") operation on the history path and a subsequent chmod() operation on the same path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.