Denial of Service Vulnerability in BinUtils by GNU
CVE-2025-66861

2.5 LOW

Key Information:

Vendor: GNU

Status
Vendor
CVE Published: 29 December 2025

What is CVE-2025-66861?

A vulnerability exists in the `d_unqualified_name` function in `cp-demangle.c` of BinUtils version 2.26. An attacker can cause a denial of service by supplying a specially crafted PE file, disrupting the application that processes it and leaving the service unavailable. Apply the available patches to mitigate the risk of exploitation.

CVSS V3.1

Score: 2.5
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved