Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-8842

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Published

2025-08-11T11:15:26.767

Last Modified

2025-09-15T14:59:32.953

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.1

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-119
CWE-416
Type: Primary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nasm	netwide_assembler	2.17	Yes

References

https://bugzilla.nasm.us/show_bug.cgi?id=3392933 Exploit, Issue Tracking, Vendor Advisory ([email protected])
https://drive.google.com/file/d/11vEV1vMHXO4BrDGhvWAMm0Qo1woiUwVV/view?usp=drive_link Exploit ([email protected])
https://vuldb.com/?ctiid.319376 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.319376 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.623184 Exploit, Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.nasm.us/show_bug.cgi?id=3392933 Exploit, Issue Tracking, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://vuldb.com/?submit.623184 Exploit, Third Party Advisory, VDB Entry (134c704f-9b21-4f2e-91b3-4a467353bcc0)