Memory Corruption Vulnerability in GNU libopts Affects Multiple Products
CVE-2025-8746

4.8MEDIUM

Key Information:

Vendor

Gnu
Status
Libopts
Vendor
CVE Published:
9 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8746?

A memory corruption vulnerability has been identified in the GNU libopts library, particularly affecting the __strstr_sse2 function. This vulnerability requires local access to exploit, making it critical for users of affected products to be aware of potential risks. The issue has been publicly disclosed, and while initially related to the tcpreplay project, it stems from the external library libopts. Due to the nature of this vulnerability, products reliant on unsupported versions of libopts are particularly at risk, posing challenges for systems using outdated dependencies.

Affected Version(s)

libopts 27.0

libopts 27.1

libopts 27.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8746 - Proof of Concept

References

https://vuldb.com/?id.319242
vdb-entrytechnical-description
https://vuldb.com/?ctiid.319242
signaturepermissions-required
https://vuldb.com/?submit.623632
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

nipc-cxd (VulDB User)
.
CVE-2025-8746 : Memory Corruption Vulnerability in GNU libopts Affects Multiple Products