VYPR
High severity8.6OSV Advisory· Published Apr 29, 2025· Updated Jun 17, 2026

CVE-2025-29906

CVE-2025-29906

Description

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Troglobit/FinitOSV2 versions
    3.0, 3.0-rc1, 3.0-rc2, …+ 1 more
    • (no CPE)range: 3.0, 3.0-rc1, 3.0-rc2, …
    • (no CPE)range: >=3.0-rc1 <4.11

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.