Home / Vulnerability Intelligence / CVE-2025-70342

CVE-2025-70342 - Vulnerability Analysis

MediumCVSS: 6.6

Last Updated: March 4, 2026

erase-install - Authentication Bypass

Published: March 4, 2026Updated: March 4, 2026PoC Available

Overview

erase-install prior to v40.4 contains a credential disclosure caused by writing swiftDialog credential output to a hardcoded path /var/tmp/dialog.json, letting unauthenticated attackers intercept admin credentials via named pipe creation.

Severity & Score

Severity: Medium

CVSS Score: 6.6

Impact

Unauthenticated attackers can intercept admin credentials during reinstall/erase operations, leading to credential compromise.

Mitigation

Update to version v40.4 or later.

References

https://github.com/grahampugh/erase-install/pull/574
https://github.com/malvector/CVE-2025-70342
https://github.com/grahampugh/erase-install/commit/2c31239fb8519d87577514b3db9ddb0771232a21

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-70342
Severity: Medium
CVSS Score: 6.6
Type: broken_authentication
Status: new

CWE

CWE-732

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N