CVE-2025-1372
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Feb 17, 2025
CWE ID 119
CWE ID 120
Summary
CVE-2025-1372 is a critical vulnerability identified in GNU elfutils 0.192. The function dump_data_section/print_string_section in the file readelf.c of the eu-readelf component is the source of the issue. Manipulation of the argument z/x can lead to a buffer overflow, potentially enabling local attacks. The exploit for this vulnerability has been disclosed publicly, making it a significant threat. To mitigate this risk, it is strongly advised to apply the patch identified as 73db9d2021cab9e23fd734b0a76a612d52a6f1db as soon as possible.
Affected Products
- Elfutils
Affected Vendors
- GNU Project