CVE-2025-5962
HIGH
Red Hat Enterprise Linux 10 - Unauthenticated Improper Access Control in Lightspeed History Service
Title source: llm
Description
A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.
References (4)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:16345
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:16346
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-5962
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2371363
Scores
CVSS v3
7.7
EPSS
0.0002
EPSS Percentile
7.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (2)
Red Hat/Red Hat Enterprise Linux 10
0:0.3.1-6.el10_0
Red Hat/Red Hat Enterprise Linux 9
0:0.3.1-6.el9_6
Published
Sep 22, 2025
Tracked Since
Feb 18, 2026