How to fix CVE-2025-5899?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Ubuntu affected by CVE-2025-5899?

Organizations using A vulnerability classified as critical should be aware of moderate risk from CVE-2025-5899 rated CVSS 5.3. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-5899

EUVD-2025-17586 MEDIUM

2025-06-09 [email protected]

5.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17586

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

CVE Published

Jun 09, 2025 - 22:15 nvd

MEDIUM 5.3

Description

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Analysis

A security vulnerability in A vulnerability classified as critical (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Technical Context

Vulnerability type not specified by vendor. Affects A vulnerability classified as critical.

Affected Products

['A vulnerability classified as critical']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +26

POC: 0

Vendor Status

Ubuntu

Priority: Medium

pspp

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1107819

pspp

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.4.1-1	-
bookworm	vulnerable	1.6.2-2	-
trixie	vulnerable	2.0.1-1	-
forky, sid	vulnerable	2.1.1-1	-
(unstable)	fixed	(unfixed)	-

CVE-2025-5899 vulnerability details – vuln.today

Back

CVE-2025-5899

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-5899

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code