Memory Corruption Vulnerability in GNU elfutils eu-readelf by GNU
CVE-2025-1352

2.3LOW

Key Information:

Vendor
Gnu
Status
Elfutils
Vendor
CVE Published:
16 February 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in the GNU elfutils library, specifically within the eu-readelf component's function __libdw_thread_tail, which can lead to memory corruption. Attackers can potentially exploit this vulnerability remotely by manipulating the argument 'w'. While the complexity of the attack is considered high, the exploit has been publicly disclosed, raising concerns for users. It is essential for system administrators to apply the patch (identified as 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753) to mitigate potential risks associated with this vulnerability.

Affected Version(s)

elfutils 0.192

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-1352 - Proof of Concept

References

https://vuldb.com/?id.295960
vdb-entrytechnical-description
https://vuldb.com/?ctiid.295960
signaturepermissions-required
https://vuldb.com/?submit.495965
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

rookie (VulDB User)
.