CVE-2025-58160

EUVD-2025-26382
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Debian logo
Debian Releases
Debian Product
Codename
rust-tracing-subscriber
bookworm
no-dsa
forky
0.3.22-3
fixed
sid
0.3.22-3
fixed
trixie
no-dsa
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
cargo-c
Amazon Linux 2023
0:0.9.32-3.amzn2023.0.4
fixed
cargo-c-debuginfo
Amazon Linux 2023
0:0.9.32-3.amzn2023.0.4
fixed
glycin-debugsource
Amazon Linux 2023
0:1.1.2-9.amzn2023
fixed
glycin-loaders
Amazon Linux 2023
0:1.1.2-9.amzn2023
fixed
glycin-loaders-debuginfo
Amazon Linux 2023
0:1.1.2-9.amzn2023
fixed
loupe
Amazon Linux 2023
0:47.4-33.amzn2023
fixed
loupe-debuginfo
Amazon Linux 2023
0:47.4-33.amzn2023
fixed
loupe-debugsource
Amazon Linux 2023
0:47.4-33.amzn2023
fixed
rust-cargo-c-debugsource
Amazon Linux 2023
0:0.9.32-3.amzn2023.0.4
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
kata-containers
Azure Linux 3.0
0:3.19.1.kata3-6.azl3
fixed
rpm-ostree
Azure Linux 3.0
0:2024.4-8.azl3
fixed
CBL-Mariner 2.0
0:2022.1-8.cm2
fixed
rust
Azure Linux 3.0
0:0.0.0.azl3
fixed
CBL-Mariner 2.0
0:1.72.0-15.cm2
fixed
trident
Azure Linux 3.0
0:0.22.0-1.azl3
fixed