CVE-2025-7546

| EUVD-2025-21277 MEDIUM
2025-07-13 [email protected]
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 16, 2026 - 09:18 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 09:18 euvd
EUVD-2025-21277
CVE Published
Jul 13, 2025 - 22:15 nvd
MEDIUM 5.3

Tags

Buffer Overflow Ubuntu Debian Binutils Redhat Suse

Description

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

Analysis

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

Affected Products

Affected products: Gnu Binutils 2.45

Remediation

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: 0

Vendor Status

Ubuntu

Priority: Medium
binutils
Release Status Version
bionic not-affected -
focal not-affected -
jammy not-affected -
trusty not-affected -
noble released 2.42-4ubuntu2.6
plucky released 2.44-3ubuntu1.1
upstream released 2.46
xenial not-affected -
questing not-affected -
USN-7847-1

Debian

binutils
Release Status Fixed Version Urgency
bullseye vulnerable 2.35.2-2 -
bookworm vulnerable 2.40-2 -
trixie vulnerable 2.44-3 -
forky, sid fixed 2.46-3 -
(unstable) fixed 2.45-3 unimportant

Share

CVE-2025-7546 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy