CVE-2025-70342 erase-install — Exploit & Vulnerability Details MEDIUM

CVE-2025-70342

MEDIUM CVSS 3.1: 6.6 EPSS 0.01%

Parameter	Value
CVSS	6.6 (MEDIUM)
Type	CWE-732 (Incorrect Permission Assignment)
Vendor	erase-install
Public PoC	No

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-732 Incorrect Permission Assignment

References 3

https://github.com/grahampugh/erase-install/commit/2c31239fb8519d87577514b3db9d…

cve@mitre.org

https://github.com/grahampugh/erase-install/pull/574

cve@mitre.org

https://github.com/malvector/CVE-2025-70342

cve@mitre.org

Share Post Share Share Share

Menu

CVE-2025-70342

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Menu

CVE-2025-70342

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Stay informed on cybersecurity