The vulnerability of the logfile_reopen() function in the GNU screen terminal multiplexer allows a hacker to write data to an arbitrary file with root privileges.

The vulnerability of the logfilereopen function in the GNU screen terminal multiplexer is related to the execution of the operation before privilege reset. Exploiting this vulnerability could allow an attacker to write data to an arbitrary file with root privileges...

CVE-2025-23395

A flaw was found in Screen. When running with setuid-root privileged, the logfilereopen function does not drop privileges while operating on a user-supplied path. This vulnerability allows an unprivileged user to create files in arbitrary locations with root ownership. Mitigation No mitigation is...

PT-2025-20829 · Gnu · Gnu Screen

Name of the Vulnerable Software and Affected Versions: Screen versions 5.0.0 Description: The issue is related to the logfile reopen function in the GNU screen terminal multiplexer. When Screen runs with setuid-root privileges, it does not drop privileges while operating on a user-supplied path...