CVE-2025-0840

MediumPublic PoC

Published: 29 January 2025

Published

29 January 2025

Modified

04 March 2025

KEV Added

—

Patch

—

CVSS Score 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

EPSS Score 0.0010 27.3th percentile

Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0840 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Gnu Binutils. Its CVSS base score is 5.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of flaws, including patching GNU Binutils to version 2.44 to eliminate the stack-based buffer overflow in objdump's disassemble_bytes function.

SI-16 Memory Protection good match

prevent

Implements memory protections such as stack canaries and non-executable stacks to block unauthorized code execution from stack-based buffer overflows like CVE-2025-0840.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Requires vulnerability scanning to identify systems running vulnerable GNU Binutils versions up to 2.43 affected by this buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Stack buffer overflow in objdump enables arbitrary code execution when a user opens a crafted binary file (client-side exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate…

the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

Deeper analysisAI

CVE-2025-0840 is a stack-based buffer overflow vulnerability in the disassemble_bytes function within binutils/objdump.c of GNU Binutils versions up to and including 2.43. The issue arises from manipulation of the 'buf' argument, classified under CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). It carries a CVSS v3.1 base score of 5.0 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L), rated as medium severity and problematic.

The vulnerability enables remote exploitation with no privileges required, though it demands high attack complexity and user interaction. An attacker could trigger the buffer overflow by supplying a specially crafted input to objdump, potentially resulting in limited impacts: low confidentiality (disclosure of sensitive information), integrity (modification of data), and availability (denial of service). Exploitability is described as difficult, but a proof-of-concept has been publicly disclosed and may be usable.

Advisories recommend upgrading to GNU Binutils version 2.44, which addresses the flaw via commit baac6c221e9d69335bf41366a1c7d87d8ab2f893. Relevant resources include the Sourceware Bugzilla entry (bug 32560) with attachment 15882 detailing the issue, the git patch, and VulDB entries (ctiid.293997, id.293997) for further analysis.

Details

CWE(s): CWE-119 CWE-121 CWE-787

Affected Products

gnu

binutils

≤ 2.44

CVEs Like This One

CVE-2025-1179Same product: Gnu Binutils

CVE-2025-69650Same product: Gnu Binutils

CVE-2025-69649Same product: Gnu Binutils

CVE-2025-69195Same vendor: Gnu

CVE-2025-1594Shared CWE-119, CWE-121

CVE-2026-5435Same vendor: Gnu

CVE-2025-13151Same vendor: Gnu

CVE-2025-1125Same vendor: Gnu

CVE-2026-5450Same vendor: Gnu

CVE-2026-7323Shared CWE-119, CWE-787

References

https://sourceware.org/bugzilla/attachment.cgi?id=15882
Broken Link · cna@vuldb.com
https://sourceware.org/bugzilla/show_bug.cgi?id=32560
Exploit, Issue Tracking · cna@vuldb.com
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
Patch · cna@vuldb.com
https://vuldb.com/?ctiid.293997
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.293997
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.485255
Exploit, Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.gnu.org/
Product · cna@vuldb.com