CVE-2025-5962

Summary

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:0.3.1-6.el10_0 < *unaffected
Red HatRed Hat Enterprise Linux 90:0.3.1-6.el9_6 < *unaffected

Weaknesses

  • CWE-284: Improper Access Control

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria, which include ease of use and deployment, applicability to a widespread installation base, and system stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References