CVE-2025-48060 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_M	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
jqlang	jq	𝑥 ≤ 1.7.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jq

plucky	needed
oracular	ignored
noble	needed
jammy	needed
focal	needed
bionic	needed
xenial	needed
trusty	needed

Known Exploits!

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (jq): Mehrere Schwachstellen ermöglichen Denial of Service
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux (jq) ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-07-07T22:00:00+00:00

References

https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w

https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w