Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.6
SwiftDialog Credentials Exposed on Reinstall or Erase
CVE-2025-70342
Summary
A security issue in SwiftDialog can reveal admin login credentials to an attacker when reinstalling or erasing the system. This is a concern because it allows unauthorized access to sensitive information. To protect your system, update SwiftDialog to version 40.4 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| grahampugh | erase-install | <= 41.0 | – |
Original title
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials ent...
Original description
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.
nvd CVSS3.1
6.6
Vulnerability type
CWE-732
Incorrect Permission Assignment for Critical Resource
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026