CVE-2025-4802

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
glibcCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
gnuglibc
2.27 ≤
𝑥
≤ 2.38
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
vulnerable
bookworm
no-dsa
bullseye (security)
2.31-13+deb11u13
fixed
bookworm (security)
vulnerable
forky
2.41-12
fixed
sid
2.41-12
fixed
trixie
2.41-12
fixed
Common Weakness Enumeration
References
https://sourceware.org/bugzilla/show_bug.cgi?id=32976
https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
http://www.openwall.com/lists/oss-security/2025/05/16/7
http://www.openwall.com/lists/oss-security/2025/05/17/2