CVE-2026-25701

EUVD-2026-8638

25.02.2026, 12:16

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like:
  *  gain access to possible private information found in /var/lib/pcrlock.d
  *  manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.
  *   overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.


This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-377 - Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.

References

https://bugzilla.suse.com/show_bug.cgi?id=1258241