CVE-2025-9301 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

cmake

bookworm	unimportant
bullseye	unimportant
forky	unimportant
sid	unimportant
trixie	unimportant

openSUSE / SLES Releases

openSUSE Product

Release

cmake

suse enterprise desktop 15 SP6	3.28.3-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	3.28.3-150600.3.3.1 fixed
suse enterprise sap 15 SP6	3.28.3-150600.3.3.1 fixed
suse enterprise sap 15 SP7	3.28.3-150600.3.3.1 fixed
suse enterprise server 15 SP4	3.20.4-150400.4.9.1 fixed
suse enterprise server 15 SP6	3.28.3-150600.3.3.1 fixed
suse enterprise server 15 SP7	3.28.3-150600.3.3.1 fixed

cmake-full

suse enterprise desktop 15 SP6	3.28.3-150600.3.3.1 fixed
suse enterprise desktop 15 SP7	3.28.3-150600.3.3.1 fixed
suse enterprise sap 15 SP6	3.28.3-150600.3.3.1 fixed
suse enterprise sap 15 SP7	3.28.3-150600.3.3.1 fixed
suse enterprise server 15 SP4	3.20.4-150400.4.9.1 fixed
suse enterprise server 15 SP6	3.28.3-150600.3.3.1 fixed
suse enterprise server 15 SP7	3.28.3-150600.3.3.1 fixed

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

https://drive.google.com/file/d/1TerUqQB8_lzJTwIBCBmE94zn7n-gOz4f/view?usp=sharing

https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8

https://gitlab.kitware.com/cmake/cmake/-/issues/27135

https://gitlab.kitware.com/cmake/cmake/-/issues/27135#note_1691629

https://vuldb.com/?ctiid.320906

https://vuldb.com/?id.320906

https://vuldb.com/?submit.632369