CVE-2026-25701

Published: Feb 25, 2026

Modified: Feb 25, 2026

PUBLISHED

Description

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored. * overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak. This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.

Vendor	Product	Versions
openSUSE	sdbootutil	affected `? - < 5880246d3a02642dc68f5c8cb474bf63cdb56bca`

Weaknesses (CWE)

CWE-377

References

https://bugzilla.suse.com/show_bug.cgi?id=1258241

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-25701

Description

Affected Products

Weaknesses (CWE)

References