Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1365

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue.

Published

2025-02-17T00:15:09.140

Last Modified

2025-11-04T20:07:34.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.1

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-119
CWE-120
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elfutils_project	elfutils	0.192	Yes

References

https://sourceware.org/bugzilla/attachment.cgi?id=15925 Exploit ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=32654 Exploit, Issue Tracking ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=32654#c2 Exploit, Issue Tracking ([email protected])
https://vuldb.com/?ctiid.295977 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.295977 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.496483 Third Party Advisory, VDB Entry ([email protected])
https://www.gnu.org/ Product ([email protected])