Vulnerability Details CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.3%
CVSS Severity
CVSS v3 Score 6.6
References
Products affected by CVE-2025-70342
-
cpe:2.3:a:grahampugh:erase-install:0.10.0
-
cpe:2.3:a:grahampugh:erase-install:0.10.1
-
cpe:2.3:a:grahampugh:erase-install:0.11.0
-
cpe:2.3:a:grahampugh:erase-install:0.11.1
-
cpe:2.3:a:grahampugh:erase-install:0.12.0
-
cpe:2.3:a:grahampugh:erase-install:0.12.1
-
cpe:2.3:a:grahampugh:erase-install:0.13.0
-
cpe:2.3:a:grahampugh:erase-install:0.14.0
-
cpe:2.3:a:grahampugh:erase-install:0.15.0
-
cpe:2.3:a:grahampugh:erase-install:0.15.1
-
cpe:2.3:a:grahampugh:erase-install:0.15.2
-
cpe:2.3:a:grahampugh:erase-install:0.15.3
-
cpe:2.3:a:grahampugh:erase-install:0.15.4
-
cpe:2.3:a:grahampugh:erase-install:0.15.5
-
cpe:2.3:a:grahampugh:erase-install:0.15.6
-
cpe:2.3:a:grahampugh:erase-install:0.16.0
-
cpe:2.3:a:grahampugh:erase-install:0.16.1
-
cpe:2.3:a:grahampugh:erase-install:0.17.0
-
cpe:2.3:a:grahampugh:erase-install:0.17.1
-
cpe:2.3:a:grahampugh:erase-install:0.17.2
-
cpe:2.3:a:grahampugh:erase-install:0.17.3
-
cpe:2.3:a:grahampugh:erase-install:0.17.4
-
cpe:2.3:a:grahampugh:erase-install:0.18.0
-
cpe:2.3:a:grahampugh:erase-install:0.19.0
-
cpe:2.3:a:grahampugh:erase-install:0.19.1
-
cpe:2.3:a:grahampugh:erase-install:0.19.2
-
cpe:2.3:a:grahampugh:erase-install:0.2.0
-
cpe:2.3:a:grahampugh:erase-install:0.20.0
-
cpe:2.3:a:grahampugh:erase-install:0.20.1
-
cpe:2.3:a:grahampugh:erase-install:0.21.0
-
cpe:2.3:a:grahampugh:erase-install:0.22.0
-
cpe:2.3:a:grahampugh:erase-install:0.23.0
-
cpe:2.3:a:grahampugh:erase-install:0.3.0
-
cpe:2.3:a:grahampugh:erase-install:0.3.1
-
cpe:2.3:a:grahampugh:erase-install:0.3.2
-
cpe:2.3:a:grahampugh:erase-install:0.4.0
-
cpe:2.3:a:grahampugh:erase-install:0.5.0
-
cpe:2.3:a:grahampugh:erase-install:0.6.0
-
cpe:2.3:a:grahampugh:erase-install:0.7.0
-
cpe:2.3:a:grahampugh:erase-install:0.7.1
-
cpe:2.3:a:grahampugh:erase-install:0.8.0
-
cpe:2.3:a:grahampugh:erase-install:0.9.0
-
cpe:2.3:a:grahampugh:erase-install:0.9.1
-
cpe:2.3:a:grahampugh:erase-install:24.0
-
cpe:2.3:a:grahampugh:erase-install:24.1
-
cpe:2.3:a:grahampugh:erase-install:25.0
-
cpe:2.3:a:grahampugh:erase-install:25.1
-
cpe:2.3:a:grahampugh:erase-install:26.0
-
cpe:2.3:a:grahampugh:erase-install:26.1
-
cpe:2.3:a:grahampugh:erase-install:26.2
-
cpe:2.3:a:grahampugh:erase-install:27.0
-
cpe:2.3:a:grahampugh:erase-install:27.1
-
cpe:2.3:a:grahampugh:erase-install:27.2
-
cpe:2.3:a:grahampugh:erase-install:27.3
-
cpe:2.3:a:grahampugh:erase-install:28.0
-
cpe:2.3:a:grahampugh:erase-install:28.1
-
cpe:2.3:a:grahampugh:erase-install:29.0
-
cpe:2.3:a:grahampugh:erase-install:29.1
-
cpe:2.3:a:grahampugh:erase-install:29.2
-
cpe:2.3:a:grahampugh:erase-install:30.0
-
cpe:2.3:a:grahampugh:erase-install:30.1
-
cpe:2.3:a:grahampugh:erase-install:30.2
-
cpe:2.3:a:grahampugh:erase-install:31.0
-
cpe:2.3:a:grahampugh:erase-install:32.0
-
cpe:2.3:a:grahampugh:erase-install:32.1
-
cpe:2.3:a:grahampugh:erase-install:33.0
-
cpe:2.3:a:grahampugh:erase-install:33.1
-
cpe:2.3:a:grahampugh:erase-install:34.0
-
cpe:2.3:a:grahampugh:erase-install:35.0
-
cpe:2.3:a:grahampugh:erase-install:36.0
-
cpe:2.3:a:grahampugh:erase-install:36.1
-
cpe:2.3:a:grahampugh:erase-install:37.0
-
cpe:2.3:a:grahampugh:erase-install:38.0
-
cpe:2.3:a:grahampugh:erase-install:39.0
-
cpe:2.3:a:grahampugh:erase-install:39.1
-
cpe:2.3:a:grahampugh:erase-install:40.0
-
cpe:2.3:a:grahampugh:erase-install:40.1
-
cpe:2.3:a:grahampugh:erase-install:40.2
-
cpe:2.3:a:grahampugh:erase-install:40.3
-
cpe:2.3:a:grahampugh:erase-install:40.4