CVE-2025-1352
Published: 16 February 2025
Summary
CVE-2025-1352 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Elfutils Project Elfutils. Its CVSS base score is 5.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 30.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and correction of flaws like the memory corruption in GNU elfutils, directly enabling application of the specified patch to eliminate the vulnerability.
SI-16 implements memory protections such as address space layout randomization and data execution prevention, which directly mitigate exploitation of memory corruption vulnerabilities like CWE-119 in __libdw_thread_tail.
RA-5 mandates vulnerability scanning to identify the presence of CVE-2025-1352 in deployed GNU elfutils instances, enabling prioritization for remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory corruption (CWE-119) in eu-readelf via crafted ELF input enables exploitation for client-side code execution (T1203) or application crashes/DoS (T1499.004) when users process malicious files remotely delivered.
NVD Description
A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can…
more
be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.
Deeper analysisAI
CVE-2025-1352 is a memory corruption vulnerability (CWE-119) in GNU elfutils version 0.192. It affects the __libdw_thread_tail function within the libdw_alloc.c library of the eu-readelf component, where manipulation of the 'w' argument triggers the issue.
The vulnerability enables remote attacks with no privileges required (PR:N), but exploitation demands high attack complexity (AC:H) and user interaction (UI:R). Successful exploitation results in low-impact confidentiality, integrity, and availability effects (C:L/I:L/A:L), yielding a CVSS 3.1 base score of 5.0. While considered difficult to exploit, a public exploit has been disclosed and may be usable.
Advisories recommend applying the patch with commit hash 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 to mitigate the issue. Details are documented in Sourceware Bugzilla bug 32650, including an attachment at id=15923, and VULDB entries at ctiid.295960 and id.295960.
Details
- CWE(s)