CVE-2025-49809

| EUVD-2025-20020 HIGH
2025-07-04 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 02:42 euvd
EUVD-2025-20020
Analysis Generated
Mar 16, 2026 - 02:42 vuln.today
CVE Published
Jul 04, 2025 - 13:15 nvd
HIGH 7.8

Tags

Information Disclosure Apple Ubuntu Debian macOS Redhat Suse

Description

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.

Analysis

CVE-2025-49809 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Technical Context

Vulnerability type not specified by vendor. CVSS 7.8 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability.

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

Vendor Status

Ubuntu

Priority: Low
mtr
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
questing needs-triage -

Debian

mtr
Release Status Fixed Version Urgency
bullseye vulnerable 0.94-1+deb11u1 -
bookworm vulnerable 0.95-1 -
trixie vulnerable 0.95-1.1 -
forky, sid vulnerable 0.96-1 -
(unstable) fixed (unfixed) unimportant

Share

CVE-2025-49809 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy