Skip to main content

CVE-2025-9403

LOW
Reachable Assertion (CWE-617)
2025-08-25 cna@vuldb.com
Denial Of Service
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
1.7 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Red Hat
3.3 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
4.8 (MEDIUM) 1.9 (LOW)
Patch released
Apr 09, 2026 - 14:30 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 19:08 vuln.today
PoC Detected
Sep 12, 2025 - 20:11 vuln.today
Public exploit code
CVE Published
Aug 25, 2025 - 03:15 nvd
MEDIUM 4.8

DescriptionCVE.org

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

AnalysisAI

A vulnerability was determined in jqlang jq up to 1.6. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-617. A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well. Affected products include: Jqlang Jq. Version information: up to 1.6..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
Container suse/sle-micro-rancher/5.2:latest Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Affected
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed

Share

CVE-2025-9403 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy