Is there a public PoC exploit available for CVE-2025-11413?

Yes, a public proof-of-concept exploit is available for CVE-2025-11413. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2025-11413?

Yes, a patch is available for CVE-2025-11413. Update the affected software to the latest version immediately.

GNU Binutils CVE-2025-11413

Q: What is the CVSS score of CVE-2025-11413?

CVE-2025-11413 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Buffer Overflow (CWE-119)

2025-10-07 cna@vuldb.com

Buffer Overflow

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 01:32 vuln.today

DescriptionCVE.org

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

AnalysisAI

Out-of-bounds read in GNU Binutils 2.45 linker function elf_link_add_object_symbols allows local authenticated attackers to trigger memory disclosure or denial of service by providing a malformed ELF object file. Publicly available exploit code exists, though EPSS assessment indicates very low exploitation probability (0.03%) in practice. Patch available in version 2.46.

Technical ContextAI

The vulnerability exists in the bfd (Binary File Descriptor) library's ELF linker implementation, specifically the elf_link_add_object_symbols function in bfd/elflink.c. This function processes ELF (Executable and Linkable Format) object files during the linking phase, parsing symbol tables and performing relocation operations. The out-of-bounds read (CWE-119) occurs when the linker fails to properly validate array bounds or structure offsets while processing malformed ELF headers or symbol entries. The BFD library is a core component of GNU Binutils, used by the linker (ld), assembler (as), and other tools to manipulate object files and executables. An attacker must supply a specially crafted ELF file that triggers unsafe memory access within the linker's parsing logic.

RemediationAI

Upgrade GNU Binutils to version 2.46 or later, which includes the fix identified in commit 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. For systems unable to upgrade immediately, restrict the linker's input to ELF files from trusted sources only-disable or carefully monitor any automated build processes that accept object files from external or user-supplied sources. If development workflows require processing external ELF files, isolate the linking step in a sandboxed environment (e.g., separate build container) to limit exposure to other system components. Verify patch application by checking the binutils version with ld --version and confirming the commit hash in the binary metadata if available. The low EPSS and impact severity mean this is a lower-priority patch for most systems, but should be included in standard maintenance windows for active development environments.

CVE-2025-11413 vulnerability details – vuln.today

Back