Description

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.

INFO

Published Date :

2025-08-29T21:28:22.563Z

Last Modified :

2025-09-02T14:08:42.323Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58160 vulnerability.

Vendors Products
Tokio
  • Tracing
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58160.

URL Resource
https://github.com/tokio-rs/tracing/security/advisories/GHSA-xwfj-jgwm-7wp5 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-58160 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-58160 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact