CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
aide
bullseye
vulnerable
bullseye (security)
0.17.3-4+deb11u3
fixed
bookworm
vulnerable
bookworm (security)
0.18.3-1+deb12u4
fixed
trixie (security)
0.19.1-2+deb13u1
fixed
forky
vulnerable
trixie
vulnerable
sid
0.19.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
aide
plucky
Fixed 0.18.8-2ubuntu0.1
released
noble
Fixed 0.18.6-2ubuntu0.1
released
jammy
Fixed 0.17.4-1ubuntu0.2
released
focal
Fixed 0.16.1-1ubuntu0.1+esm1
released
bionic
Fixed 0.16-3ubuntu0.1+esm1
released
xenial
Fixed 0.16~a2.git20130520-3ubuntu0.1~esm2
released
trusty
Fixed 0.16~a2.git20130520-2ubuntu0.1+esm2
released
Common Weakness Enumeration
References
https://github.com/aide/aide/commit/54a6d0d9d5f14b81961d66373c0291bf4af4135a
https://github.com/aide/aide/releases/tag/v0.19.2
https://github.com/aide/aide/security/advisories/GHSA-79g7-f8rv-jcxh
https://github.com/aide/aide/security/advisories/GHSA-79g7-f8rv-jcxh