Security Flaw in GNU Binutils Affects tg_tag_type Function
CVE-2025-11839

4.8MEDIUM

Key Information:

Vendor: Gnu
Status: Binutils
Vendor: CVE Published:; 16 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11839?

A security flaw has been identified within GNU Binutils 2.45, specifically affecting the tg_tag_type function located in the prdbg.c file. This vulnerability arises from an unchecked return value during manipulation, which can lead to unintended consequences when exploited locally. The exploit has been made public, raising concerns regarding its potential to be leveraged by attackers. Users of affected versions should take immediate precautions.

Affected Version(s)

Binutils 2.45

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11839 - Proof of Concept

References

https://vuldb.com/?id.328774

vdb-entrytechnical-description

https://vuldb.com/?ctiid.328774

signaturepermissions-required

https://vuldb.com/?submit.661279

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 16, 2025
👾
Exploit known to exist
Oct 16, 2025
Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Oct 16, 2025

Credit

JJLeo (VulDB User)

JSON

Gnu

Badges

What is CVE-2025-11839?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit