CVE-2025-70342

Published: Mar 4, 2026

Modified: Mar 4, 2026

PUBLISHED

Description

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/grahampugh/erase-install/pull/574

https://github.com/grahampugh/erase-install/commit/2c31239fb8519d87577514b3db9ddb0771232a21

https://github.com/malvector/CVE-2025-70342

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-70342

Description

Affected Products

References