CVE-2025-8735

EUVD-2025-24014
A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gnucflow
1.0
CNA
gnucflow
1.1
CNA
gnucflow
1.2
CNA
gnucflow
1.3
CNA
gnucflow
1.4
CNA
gnucflow
1.5
CNA
gnucflow
1.6
CNA
gnucflow
1.7
CNA
gnucflow
1.8
CNA
Debian logo
Debian Releases
Debian Product
Codename
cflow
bookworm
unimportant
bullseye
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
Common Weakness Enumeration
References
https://drive.google.com/file/d/1Q_rDQSEl3cBu6SUbfqr9pV9cHgvKcXFI/view?usp=drive_link
https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
https://vuldb.com/?ctiid.319231
https://vuldb.com/?id.319231
https://vuldb.com/?submit.622328
https://www.gnu.org/
https://www.openwall.com/lists/oss-security/2025/10/27/12