CVE-2026-25701

216.73.217.22

· Published 25/02/2026 12:16 · Modified 25/02/2026 14:15

Labels: CVE-2026-25701 2026-02-25 CVE-2026-25701 CWE-377 [email protected]

Essential information

Published: 25/02/2026 12:16
Modified: 25/02/2026 14:15
Author: —
Creator: —
CVSS: 7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored. * overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak. This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
opensuse / sdbootutil	`cpe:2.3:a:opensuse:sdbootutil::::::::`
opensuse / sdbootutil	`cpe:2.3:a:opensuse:sdbootutil:<5880246d3a02642dc68f5c8cb474bf63cdb56bca:::::::*`