CVE-2025-9810: 
Redis vulnerability analysis and mitigation

A Time-of-Check-Time-of-Use (TOCTOU) vulnerability has been identified in the linenoiseHistorySave function of linenoise library, tracked as CVE-2025-9810. The vulnerability was discovered and reported by CyberArk Labs on September 1, 2025. This security flaw affects the linenoise library's history file handling mechanism (NVD CVE).

The vulnerability exists in the linenoiseHistorySave() function where a race condition occurs between the initial file operation using fopen("w") on the history path and a subsequent chmod() operation on the same path. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.8 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L. The vulnerability is classified as CWE-367 (Time-of-check Time-of-use Race Condition) (NVD CVE).

The vulnerability allows local attackers to overwrite arbitrary files and modify file permissions through a symlink race condition attack. This could potentially lead to privilege escalation or unauthorized file modifications on the affected system (NVD CVE).

A pull request has been submitted to address this vulnerability in the linenoise repository (Linenoise PR). Users are advised to monitor the repository for updates and apply patches when available.