How to fix CVE-2025-12744?

Within 24 hours: Identify all systems running ABRT daemon and assess exposure to local user access; disable ABRT if operationally feasible or restrict daemon permissions. Within 7 days: Implement compensating controls including disabling docker inspect functionality in ABRT, applying file permission restrictions to mount information sources, and monitoring for exploitation attempts. Within 30 days: Establish continuous monitoring for vendor patch availability and prepare immediate deployment procedures; conduct security audit of affected systems for signs of compromise.

Is Docker affected by CVE-2025-12744?

CVE-2025-12744 is a critical privilege escalation vulnerability in ABRT daemon that allows unprivileged local users to execute arbitrary commands as root. Any organization running affected ABRT versions faces immediate risk of complete system compromise and requires urgent remediation or mitigation.

CVE-2025-12744

EUVD-2025-200735 HIGH

2025-12-03 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-200735

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

CVE Published

Dec 03, 2025 - 09:15 nvd

HIGH 8.8

Description

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Analysis

Technical Context

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

Remediation

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

Vendor Status

CVE-2025-12744 vulnerability details – vuln.today

Back

CVE-2025-12744

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Vendor Status

Share

CVE-2025-12744

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code