CVE-2025-58160

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-58160
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58160.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-58160
Aliases
Downstream
Related
Published
2025-08-29T21:28:22Z
Modified
2025-10-22T18:47:59.796062Z
Severity
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Tracing logging user input may result in poisoning logs with ANSI escape sequences
Details

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.

Database specific 
{
    "cwe_ids": [
        "CWE-150"
    ]
}
References

Affected packages

Git / github.com/tokio-rs/tracing

Affected ranges

Type
GIT
Repo
https://github.com/tokio-rs/tracing
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4c52ca5266a3920fc5dfeebda2accf15ee7fb278

Affected versions

tracing-0.*

tracing-0.1.0
tracing-0.1.1
tracing-0.1.10
tracing-0.1.11
tracing-0.1.12
tracing-0.1.13
tracing-0.1.14
tracing-0.1.15
tracing-0.1.16
tracing-0.1.17
tracing-0.1.18
tracing-0.1.19
tracing-0.1.2
tracing-0.1.20
tracing-0.1.21
tracing-0.1.22
tracing-0.1.23
tracing-0.1.24
tracing-0.1.25
tracing-0.1.26
tracing-0.1.27
tracing-0.1.28
tracing-0.1.29
tracing-0.1.3
tracing-0.1.30
tracing-0.1.31
tracing-0.1.32
tracing-0.1.33
tracing-0.1.34
tracing-0.1.35
tracing-0.1.36
tracing-0.1.37
tracing-0.1.38
tracing-0.1.39
tracing-0.1.4
tracing-0.1.40
tracing-0.1.41
tracing-0.1.5
tracing-0.1.6
tracing-0.1.7
tracing-0.1.8
tracing-0.1.9

tracing-appender-0.*

tracing-appender-0.1.0
tracing-appender-0.1.1
tracing-appender-0.1.2
tracing-appender-0.2.0
tracing-appender-0.2.1
tracing-appender-0.2.2
tracing-appender-0.2.3

tracing-attributes-0.*

tracing-attributes-0.1.1
tracing-attributes-0.1.10
tracing-attributes-0.1.11
tracing-attributes-0.1.12
tracing-attributes-0.1.13
tracing-attributes-0.1.14
tracing-attributes-0.1.15
tracing-attributes-0.1.16
tracing-attributes-0.1.17
tracing-attributes-0.1.18
tracing-attributes-0.1.19
tracing-attributes-0.1.2
tracing-attributes-0.1.20
tracing-attributes-0.1.21
tracing-attributes-0.1.22
tracing-attributes-0.1.23
tracing-attributes-0.1.24
tracing-attributes-0.1.25
tracing-attributes-0.1.26
tracing-attributes-0.1.27
tracing-attributes-0.1.28
tracing-attributes-0.1.29
tracing-attributes-0.1.3
tracing-attributes-0.1.30
tracing-attributes-0.1.4
tracing-attributes-0.1.5
tracing-attributes-0.1.6
tracing-attributes-0.1.7
tracing-attributes-0.1.8
tracing-attributes-0.1.9

tracing-core-0.*

tracing-core-0.1.1
tracing-core-0.1.10
tracing-core-0.1.11
tracing-core-0.1.12
tracing-core-0.1.13
tracing-core-0.1.14
tracing-core-0.1.15
tracing-core-0.1.16
tracing-core-0.1.17
tracing-core-0.1.18
tracing-core-0.1.19
tracing-core-0.1.2
tracing-core-0.1.20
tracing-core-0.1.21
tracing-core-0.1.22
tracing-core-0.1.23
tracing-core-0.1.24
tracing-core-0.1.25
tracing-core-0.1.26
tracing-core-0.1.27
tracing-core-0.1.28
tracing-core-0.1.29
tracing-core-0.1.3
tracing-core-0.1.30
tracing-core-0.1.31
tracing-core-0.1.32
tracing-core-0.1.33
tracing-core-0.1.34
tracing-core-0.1.4
tracing-core-0.1.5
tracing-core-0.1.6
tracing-core-0.1.7
tracing-core-0.1.8
tracing-core-0.1.9

tracing-error-0.*

tracing-error-0.1.0
tracing-error-0.1.1
tracing-error-0.1.2
tracing-error-0.2.0
tracing-error-0.2.1

tracing-flame-0.*

tracing-flame-0.2.0

tracing-fmt-0.*

tracing-fmt-0.0.1-alpha.3
tracing-fmt-0.1.1

tracing-futures-0.*

tracing-futures-0.1.0
tracing-futures-0.1.1
tracing-futures-0.2.0
tracing-futures-0.2.1
tracing-futures-0.2.2
tracing-futures-0.2.3
tracing-futures-0.2.4
tracing-futures-0.2.5

tracing-journald-0.*

tracing-journald-0.1.0
tracing-journald-0.2.0
tracing-journald-0.2.1
tracing-journald-0.2.2
tracing-journald-0.2.3
tracing-journald-0.2.4
tracing-journald-0.3.0
tracing-journald-0.3.1

tracing-log-0.*

tracing-log-0.0.1-alpha.2
tracing-log-0.1.0
tracing-log-0.1.1
tracing-log-0.1.2
tracing-log-0.1.3
tracing-log-0.1.4
tracing-log-0.2.0

tracing-mock-0.*

tracing-mock-0.1.0-beta.1

tracing-opentelemetry-0.*

tracing-opentelemetry-0.10.0
tracing-opentelemetry-0.11.0
tracing-opentelemetry-0.12.0
tracing-opentelemetry-0.13.0
tracing-opentelemetry-0.14.0
tracing-opentelemetry-0.15.0
tracing-opentelemetry-0.16.0
tracing-opentelemetry-0.17.0
tracing-opentelemetry-0.17.1
tracing-opentelemetry-0.17.2
tracing-opentelemetry-0.17.3
tracing-opentelemetry-0.17.4
tracing-opentelemetry-0.18.0
tracing-opentelemetry-0.4.0
tracing-opentelemetry-0.5.0
tracing-opentelemetry-0.6.0
tracing-opentelemetry-0.7.0
tracing-opentelemetry-0.8.0
tracing-opentelemetry-0.9.0

tracing-serde-0.*

tracing-serde-0.1.0
tracing-serde-0.1.1
tracing-serde-0.1.2
tracing-serde-0.1.3
tracing-serde-0.2.0

tracing-subscriber-0.*

tracing-subscriber-0.0.1-alpha.4
tracing-subscriber-0.1.0
tracing-subscriber-0.1.1
tracing-subscriber-0.1.2
tracing-subscriber-0.1.3
tracing-subscriber-0.1.4
tracing-subscriber-0.1.5
tracing-subscriber-0.2.0
tracing-subscriber-0.2.0-alpha.1
tracing-subscriber-0.2.0-alpha.2
tracing-subscriber-0.2.0-alpha.3
tracing-subscriber-0.2.0-alpha.4
tracing-subscriber-0.2.0-alpha.5
tracing-subscriber-0.2.0-alpha.6
tracing-subscriber-0.2.1
tracing-subscriber-0.2.10
tracing-subscriber-0.2.11
tracing-subscriber-0.2.12
tracing-subscriber-0.2.13
tracing-subscriber-0.2.14
tracing-subscriber-0.2.15
tracing-subscriber-0.2.16
tracing-subscriber-0.2.17
tracing-subscriber-0.2.18
tracing-subscriber-0.2.19
tracing-subscriber-0.2.2
tracing-subscriber-0.2.20
tracing-subscriber-0.2.21
tracing-subscriber-0.2.22
tracing-subscriber-0.2.23
tracing-subscriber-0.2.24
tracing-subscriber-0.2.25
tracing-subscriber-0.2.3
tracing-subscriber-0.2.4
tracing-subscriber-0.2.6
tracing-subscriber-0.2.7
tracing-subscriber-0.2.8
tracing-subscriber-0.2.9
tracing-subscriber-0.3.0
tracing-subscriber-0.3.1
tracing-subscriber-0.3.10
tracing-subscriber-0.3.11
tracing-subscriber-0.3.12
tracing-subscriber-0.3.13
tracing-subscriber-0.3.14
tracing-subscriber-0.3.15
tracing-subscriber-0.3.16
tracing-subscriber-0.3.17
tracing-subscriber-0.3.18
tracing-subscriber-0.3.19
tracing-subscriber-0.3.2
tracing-subscriber-0.3.3
tracing-subscriber-0.3.4
tracing-subscriber-0.3.5
tracing-subscriber-0.3.6
tracing-subscriber-0.3.7
tracing-subscriber-0.3.8
tracing-subscriber-0.3.9

tracing-subscriber/-0.*

tracing-subscriber/-0.2.5