Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-11412

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.

Published

2025-10-07T22:15:34.030

Last Modified

2025-10-14T15:09:07.050

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.1

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-119
CWE-125
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	binutils	2.45	Yes

References

https://sourceware.org/bugzilla/attachment.cgi?id=16378 Broken Link ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=33452 Exploit, Issue Tracking ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8 Exploit, Issue Tracking ([email protected])
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc Patch ([email protected])
https://vuldb.com/?ctiid.327348 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.327348 Third Party Advisory, VDB Entry ([email protected])
https://www.gnu.org/ Third Party Advisory, VDB Entry ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=33452 Exploit, Issue Tracking (134c704f-9b21-4f2e-91b3-4a467353bcc0)