CVE-2025-1365

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 17, 2025

CWE ID 119

CWE ID 120

Summary

CVE-2025-1365 is a critical vulnerability affecting the GNU elfutils 0.192 component, specifically the eu-readelf file's readelf.c process_symtab function. This issue arises when the argument D/a is manipulated, leading to a buffer overflow. A local attacker can leverage this vulnerability, which has been made public, by exploiting it. The patch to resolve this issue, identified as 5e5c0394d82c53e97750fe7b18023e6f84157b81, is recommended for application to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Elfutils

Affected Vendors

GNU Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3ag0ff
https://www.cve.org/CVERecord?id=CVE-2025-1365
https://nvd.nist.gov/vuln/detail/CVE-2025-1365

Back to Vulnerability Database