Red Hat: CVE-2025-5962: rhel-lightspeed: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:N) | Jun 10, 2025 | Sep 23, 2025 | Jan 28, 2026 |
Description
A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or inject arbitrary history entries, including misleading or malicious commands. This can be used to deceive another user into executing harmful actions, posing a risk of privilege misuse or unauthorized command execution through social engineering.
Solutions
- redhat-upgrade-command-line-assistant
- redhat-upgrade-command-line-assistant-selinux