CVE-2025-12744

EUVD-2025-200735
A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.
OS Command Injection
Provider: NIST
Type: Primary
Base Score: 8.8 HIGH
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score
Percentile: 25%
Red Hat Enterprise Linux Releases
Red Hat Product
Release
abrt
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-addon-ccpp
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-addon-coredump-helper
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-addon-kerneloops
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-addon-pstoreoops
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-addon-vmcore
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-addon-xorg
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-cli
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-cli-ng
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-console-notification
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-dbus
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-desktop
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-gui
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-gui-libs
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-libs
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-plugin-machine-id
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-plugin-sosreport
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
abrt-tui
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
python3-abrt
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
python3-abrt-addon
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
python3-abrt-container-addon
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed
python3-abrt-doc
RHEL 8
0:2.10.9-25.el8_10
fixed
RHEL 8.2 AUS
0:2.10.9-25.el8_2
fixed
RHEL 8.4 AUS
0:2.10.9-25.el8_4
fixed
RHEL 8.6 AUS
0:2.10.9-25.el8_6
fixed
RHEL 8.6 E4S
0:2.10.9-25.el8_6
fixed
RHEL 8.6 TUS
0:2.10.9-25.el8_6
fixed
RHEL 8.8 E4S
0:2.10.9-25.el8_8
fixed
RHEL 8.8 TUS
0:2.10.9-25.el8_8
fixed