CVE-2025-23395

Name: CVE-2025-23395
Description: Screen 5.0.0, when it runs with setuid-root privileges, does not drop privileges while operating on a user-supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY is logged into this file, allowing escalation to root privileges.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release       Version   Status
screen (PTS)     bullseye      4.8.0-6   fixed
                 bookworm      4.9.0-4   fixed
                 sid, trixie   4.9.1-3   fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version    Urgency   Origin   Debian Bugs
screen    source   (unstable)   (not affected)   -         -        -

Notes

- screen <not-affected> (Vulnerable code only introduced in Screen v5 branch)
Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc (v.5.0.0)
Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
https://www.openwall.com/lists/oss-security/2025/05/12/1
