CVE-2025-9403

EUVD-2025-25716
A vulnerability was identified in jqlang jq up to 1.6. The affected code is the function run_jq_tests in the file jq_test.c of the JSON Parser component. Manipulation can lead to a reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be used. Other versions might be affected as well.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 3.3 LOW | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Percentile: 11%
Affected Products (NVD)
Vendor | Product | Version
jqlang | jq | 𝑥 ≤ 1.6
𝑥 = Vulnerable software versions
openSUSE / SLES Releases
openSUSE Product | Release

jq
suse enterprise desktop 15 SP7 | 1.6-150000.3.12.1 | fixed
suse enterprise sap 15 SP7 | 1.6-150000.3.12.1 | fixed
suse enterprise server 15 SP4 | 1.6-150000.3.12.1 | fixed
suse enterprise server 15 SP7 | 1.6-150000.3.12.1 | fixed

libjq-devel
suse enterprise desktop 15 SP7 | 1.6-150000.3.12.1 | fixed
suse enterprise sap 15 SP7 | 1.6-150000.3.12.1 | fixed
suse enterprise server 15 SP4 | 1.6-150000.3.12.1 | fixed
suse enterprise server 15 SP7 | 1.6-150000.3.12.1 | fixed

libjq1
suse enterprise desktop 15 SP7 | 1.6-150000.3.12.1 | fixed
suse enterprise sap 15 SP7 | 1.6-150000.3.12.1 | fixed
suse enterprise server 15 SP4 | 1.6-150000.3.12.1 | fixed
suse enterprise server 15 SP7 | 1.6-150000.3.12.1 | fixed