{"id":"CVE-2025-58160","summary":"Tracing logging user input may result in poisoning logs with ANSI escape sequences","details":"tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.","aliases":["GHSA-xwfj-jgwm-7wp5","RUSTSEC-2025-0055"],"modified":"2026-04-16T08:44:12.722713962Z","published":"2025-08-29T21:28:22.563Z","related":["CGA-qfj4-j4gm-v9q6","SUSE-FU-2026:20990-1","SUSE-SU-2025:03082-1","SUSE-SU-2025:21158-1","SUSE-SU-2025:3869-1","SUSE-SU-2025:4091-1","SUSE-SU-2026:1361-1","SUSE-SU-2026:20077-1","SUSE-SU-2026:20096-1","SUSE-SU-2026:20235-1","SUSE-SU-2026:20335-1","openSUSE-FU-2026:20453-1","openSUSE-SU-2025:15512-1","openSUSE-SU-2025:15514-1","openSUSE-SU-2025:15517-1","openSUSE-SU-2025:15518-1","openSUSE-SU-2025:15519-1","openSUSE-SU-2025:15540-1","openSUSE-SU-2025:15550-1","openSUSE-SU-2025:15551-1","openSUSE-SU-2025:15552-1","openSUSE-SU-2025:20114-1","openSUSE-SU-2026:20026-1","openSUSE-SU-2026:20060-1","openSUSE-SU-2026:20180-1"],"database_specific":{"cwe_ids":["CWE-150"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58160.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58160.json"},{"type":"ADVISORY","url":"https://github.com/tokio-rs/tracing/security/advisories/GHSA-xwfj-jgwm-7wp5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58160"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tokio-rs/tracing","events":[{"introduced":"0"},{"fixed":"4c52ca5266a3920fc5dfeebda2accf15ee7fb278"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.3.20"}]}}],"versions":["tracing-0.1.0","tracing-0.1.1","tracing-0.1.10","tracing-0.1.11","tracing-0.1.12","tracing-0.1.13","tracing-0.1.14","tracing-0.1.15","tracing-0.1.16","tracing-0.1.17","tracing-0.1.18","tracing-0.1.19","tracing-0.1.2","tracing-0.1.20","tracing-0.1.21","tracing-0.1.22","tracing-0.1.23","tracing-0.1.24","tracing-0.1.25","tracing-0.1.26","tracing-0.1.27","tracing-0.1.28","tracing-0.1.29","tracing-0.1.3","tracing-0.1.30","tracing-0.1.31","tracing-0.1.32","tracing-0.1.33","tracing-0.1.34","tracing-0.1.35","tracing-0.1.36","tracing-0.1.37","tracing-0.1.38","tracing-0.1.39","tracing-0.1.4","tracing-0.1.40","tracing-0.1.41","tracing-0.1.5","tracing-0.1.6","tracing-0.1.7","tracing-0.1.8","tracing-0.1.9","tracing-appender-0.1.0","tracing-appender-0.1.1","tracing-appender-0.1.2","tracing-appender-0.2.0","tracing-appender-0.2.1","tracing-appender-0.2.2","tracing-appender-0.2.3","tracing-attributes-0.1.1","tracing-attributes-0.1.10","tracing-attributes-0.1.11","tracing-attributes-0.1.12","tracing-attributes-0.1.13","tracing-attributes-0.1.14","tracing-attributes-0.1.15","tracing-attributes-0.1.16","tracing-attributes-0.1.17","tracing-attributes-0.1.18","tracing-attributes-0.1.19","tracing-attributes-0.1.2","tracing-attributes-0.1.20","tracing-attributes-0.1.21","tracing-attributes-0.1.22","tracing-attributes-0.1.23","tracing-attributes-0.1.24","tracing-attributes-0.1.25","tracing-attributes-0.1.26","tracing-attributes-0.1.27","tracing-attributes-0.1.28","tracing-attributes-0.1.29","tracing-attributes-0.1.3","tracing-attributes-0.1.30","tracing-attributes-0.1.4","tracing-attributes-0.1.5","tracing-attributes-0.1.6","tracing-attributes-0.1.7","tracing-attributes-0.1.8","tracing-attributes-0.1.9","tracing-core-0.1.1","tracing-core-0.1.10","tracing-core-0.1.11","tracing-core-0.1.12","tracing-core-0.1.13","tracing-core-0.1.14","tracing-core-0.1.15","tracing-core-0.1.16","tracing-core-0.1.17","tracing-core-0.1.18","tracing-core-0.1.19","tracing-core-0.1.2","tracing-core-0.1.20","tracing-core-0.1.21","tracing-core-0.1.22","tracing-core-0.1.23","tracing-core-0.1.24","tracing-core-0.1.25","tracing-core-0.1.26","tracing-core-0.1.27","tracing-core-0.1.28","tracing-core-0.1.29","tracing-core-0.1.3","tracing-core-0.1.30","tracing-core-0.1.31","tracing-core-0.1.32","tracing-core-0.1.33","tracing-core-0.1.34","tracing-core-0.1.4","tracing-core-0.1.5","tracing-core-0.1.6","tracing-core-0.1.7","tracing-core-0.1.8","tracing-core-0.1.9","tracing-error-0.1.0","tracing-error-0.1.1","tracing-error-0.1.2","tracing-error-0.2.0","tracing-error-0.2.1","tracing-flame-0.2.0","tracing-fmt-0.0.1-alpha.3","tracing-fmt-0.1.1","tracing-futures-0.1.0","tracing-futures-0.1.1","tracing-futures-0.2.0","tracing-futures-0.2.1","tracing-futures-0.2.2","tracing-futures-0.2.3","tracing-futures-0.2.4","tracing-futures-0.2.5","tracing-journald-0.1.0","tracing-journald-0.2.0","tracing-journald-0.2.1","tracing-journald-0.2.2","tracing-journald-0.2.3","tracing-journald-0.2.4","tracing-journald-0.3.0","tracing-journald-0.3.1","tracing-log-0.0.1-alpha.2","tracing-log-0.1.0","tracing-log-0.1.1","tracing-log-0.1.2","tracing-log-0.1.3","tracing-log-0.1.4","tracing-log-0.2.0","tracing-mock-0.1.0-beta.1","tracing-opentelemetry-0.10.0","tracing-opentelemetry-0.11.0","tracing-opentelemetry-0.12.0","tracing-opentelemetry-0.13.0","tracing-opentelemetry-0.14.0","tracing-opentelemetry-0.15.0","tracing-opentelemetry-0.16.0","tracing-opentelemetry-0.17.0","tracing-opentelemetry-0.17.1","tracing-opentelemetry-0.17.2","tracing-opentelemetry-0.17.3","tracing-opentelemetry-0.17.4","tracing-opentelemetry-0.18.0","tracing-opentelemetry-0.4.0","tracing-opentelemetry-0.5.0","tracing-opentelemetry-0.6.0","tracing-opentelemetry-0.7.0","tracing-opentelemetry-0.8.0","tracing-opentelemetry-0.9.0","tracing-serde-0.1.0","tracing-serde-0.1.1","tracing-serde-0.1.2","tracing-serde-0.1.3","tracing-serde-0.2.0","tracing-subscriber-0.0.1-alpha.4","tracing-subscriber-0.1.0","tracing-subscriber-0.1.1","tracing-subscriber-0.1.2","tracing-subscriber-0.1.3","tracing-subscriber-0.1.4","tracing-subscriber-0.1.5","tracing-subscriber-0.2.0","tracing-subscriber-0.2.0-alpha.1","tracing-subscriber-0.2.0-alpha.2","tracing-subscriber-0.2.0-alpha.3","tracing-subscriber-0.2.0-alpha.4","tracing-subscriber-0.2.0-alpha.5","tracing-subscriber-0.2.0-alpha.6","tracing-subscriber-0.2.1","tracing-subscriber-0.2.10","tracing-subscriber-0.2.11","tracing-subscriber-0.2.12","tracing-subscriber-0.2.13","tracing-subscriber-0.2.14","tracing-subscriber-0.2.15","tracing-subscriber-0.2.16","tracing-subscriber-0.2.17","tracing-subscriber-0.2.18","tracing-subscriber-0.2.19","tracing-subscriber-0.2.2","tracing-subscriber-0.2.20","tracing-subscriber-0.2.21","tracing-subscriber-0.2.22","tracing-subscriber-0.2.23","tracing-subscriber-0.2.24","tracing-subscriber-0.2.25","tracing-subscriber-0.2.3","tracing-subscriber-0.2.4","tracing-subscriber-0.2.6","tracing-subscriber-0.2.7","tracing-subscriber-0.2.8","tracing-subscriber-0.2.9","tracing-subscriber-0.3.0","tracing-subscriber-0.3.1","tracing-subscriber-0.3.10","tracing-subscriber-0.3.11","tracing-subscriber-0.3.12","tracing-subscriber-0.3.13","tracing-subscriber-0.3.14","tracing-subscriber-0.3.15","tracing-subscriber-0.3.16","tracing-subscriber-0.3.17","tracing-subscriber-0.3.18","tracing-subscriber-0.3.19","tracing-subscriber-0.3.2","tracing-subscriber-0.3.3","tracing-subscriber-0.3.4","tracing-subscriber-0.3.5","tracing-subscriber-0.3.6","tracing-subscriber-0.3.7","tracing-subscriber-0.3.8","tracing-subscriber-0.3.9","tracing-subscriber/-0.2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58160.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}]}