Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.
Analysis (AI)
Out-of-bounds read vulnerability in the GNU Binutils 2.45 linker allows local authenticated attackers to trigger memory access violations via crafted input reaching the get_link_hash_entry function in bfd/elflink.c. The vulnerability has low severity (CVSS 1.9) with minimal direct impact, but publicly available exploit code exists. Upgrading to version 2.46 resolves the issue.
Technical Context (AI)
GNU Binutils is a collection of binary tools including the linker (ld), assembler (as), and related utilities used across Unix-like systems for binary manipulation and compilation. The vulnerability resides in the linker's ELF (Executable and Linkable Format) handling code, specifically in the get_link_hash_entry function within bfd/elflink.c. The underlying issue is classified as CWE-119 (improper restriction of operations within the bounds of a memory buffer), indicating that the linker fails to properly validate array or buffer access before reading hash table entries during link processing. This could allow an attacker to read uninitialized or sensitive memory adjacent to the target buffer.
Remediation (AI)
Upgrade GNU Binutils from version 2.45 to version 2.46 or later, which includes the fix from commit aeaaa9af6359c8e394ce9cf24911fec4f4d23703. For most Linux distributions this is available through standard package managers (apt, yum, pacman, etc.) with 'sudo apt update && sudo apt upgrade binutils' or the equivalent for your distribution. Verify the installed linker version with 'ld --version' (Binutils installs no 'binutils' executable; the linker reports the package version). If an immediate upgrade is not feasible, restrict local shell access to untrusted users and monitor for linker crashes during compilation, though this is a temporary measure only. Since Binutils is typically a build-time dependency rather than a runtime component, the practical risk of delaying patches on production systems is minimal, but development and build infrastructure should be updated promptly to prevent disruption of build pipelines.
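As an added example, not code from vuln.today or the Binutils project, the following POSIX sh script reads the `ld --version` banner and reports whether the installed linker predates the 2.46 release that carries the fix. The banner strings in the comments are constructed; a distribution may backport the patch without bumping the version number, so an "affected" result means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example (not from vuln.today or the Binutils project): report whether
# the installed GNU ld predates the 2.46 release that carries the fix.

FIXED_VERSION="2.46"

# Pull "X.Y" or "X.Y.Z" out of an `ld --version` banner such as the constructed
# "GNU ld (GNU Binutils) 2.45" or "GNU ld (GNU Binutils for Ubuntu) 2.42.0".
ld_version_from_banner() {
    printf '%s\n' "$1" | head -n 1 | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# Return 0 when version $1 is lower than $2, comparing dotted components
# numerically (so 2.100 > 2.46 and 2.46.1 > 2.46). Pure POSIX sh, no sort -V.
version_lt() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        if [ "$ai" = "$a" ]; then a=""; else a="${a#*.}"; fi
        if [ "$bi" = "$b" ]; then b=""; else b="${b#*.}"; fi
        : "${ai:=0}" "${bi:=0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1
}

# Classify a banner as "affected", "fixed" or "unknown". A distribution may
# backport the patch without bumping the version, so confirm "affected"
# against the vendor advisory before acting on it.
classify_ld_banner() {
    v=$(ld_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo affected
    else
        echo fixed
    fi
}

# Query the linker on PATH (or the path given as $1). Binutils installs no
# "binutils" executable, so the version has to come from ld itself.
check_installed_ld() {
    if banner=$("${1:-ld}" --version 2>/dev/null); then
        classify_ld_banner "$banner"
    else
        echo unknown
    fi
}
```

Source the script and run `check_installed_ld` (or `check_installed_ld /usr/bin/ld` for a specific toolchain); it prints affected, fixed or unknown.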