How to fix CVE-2025-0840?

Within 30 days: Identify affected systems running GNU Binutils and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Binutils affected by CVE-2025-0840?

Organizations using GNU Binutils should be aware of moderate risk from CVE-2025-0840, a buffer overflow vulnerability rated CVSS 6.3. Exploitation could cause memory corruption or application crashes. Proof-of-concept code is publicly available.

CVE-2025-0840

MEDIUM

2025-01-29 [email protected]

6.3

CVSS 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:06 vuln.today

Patch Released

Mar 28, 2026 - 18:06 nvd

Patch available

PoC Detected

Mar 04, 2025 - 15:08 vuln.today

Public exploit code

CVE Published

Jan 29, 2025 - 20:15 nvd

MEDIUM 6.3

Description

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

Analysis

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Technical Context

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component. Affected products include: Gnu Binutils. Version information: up to 2.43..

Affected Products

Gnu Binutils.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +32

POC: +20

Vendor Status

CVE-2025-0840 vulnerability details – vuln.today

Back

CVE-2025-0840

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-0840

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code