Is there a public PoC exploit available for CVE-2025-11495?

Yes, a public proof-of-concept exploit is available for CVE-2025-11495. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2025-11495?

Yes, a patch is available for CVE-2025-11495. Update the affected software to the latest version immediately.

GNU Binutils CVE-2025-11495

Q: What is the CVSS score of CVE-2025-11495?

CVE-2025-11495 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Buffer Overflow (CWE-119)

2025-10-08 cna@vuldb.com

Buffer Overflow

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 01:33 vuln.today

DescriptionCVE.org

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

AnalysisAI

Heap-based buffer overflow in GNU Binutils 2.45 linker component affects the elf_x86_64_relocate_section function, allowing authenticated local attackers to cause availability impact with low complexity exploitation. CVSS score of 1.9 reflects limited scope (availability only, no confidentiality or integrity impact), though publicly available exploit code exists and patch has been released by the upstream project.

Technical ContextAI

GNU Binutils is a collection of binary tools including the linker, assembler, and related utilities. The vulnerability exists in elf64-x86-64.c, specifically in the elf_x86_64_relocate_section function which handles relocation processing for x86-64 ELF binaries during the linking phase. The heap-based buffer overflow (CWE-119) suggests improper bounds checking when writing relocation data to dynamically allocated memory. This occurs in a lower-privilege context (PR:L per CVSS vector), indicating the vulnerability requires a non-root user to trigger during the linking process.

RemediationAI

Apply the upstream patch commit 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 from the GNU Binutils project (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0). Most Linux distributions will likely backport this fix into their binutils packages; users should update to the next available binutils version after 2.45 released by their distribution. For developers on affected systems, the immediate workaround is to avoid linking x86-64 ELF binaries until the patch is applied, though this is rarely a practical constraint since most development occurs on maintained systems. No compensating controls are necessary given the local-only, low-privilege, availability-only impact profile.

CVE-2025-11495 vulnerability details – vuln.today

Back