Cyber Resilience

CVE-2025-1352

Low · Public PoC · Updated

Published: 16 February 2025

Modified: 02 June 2026
CVSS Score v4: 2.3 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0014 (34.1th percentile)
Risk Priority: 5 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1352 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Elfutils Project Elfutils. Its CVSS base score is 2.3 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 34.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1352 is a memory corruption vulnerability (CWE-119) in GNU elfutils version 0.192. It affects the __libdw_thread_tail function within the libdw_alloc.c library of the eu-readelf component, where manipulation of the 'w' argument triggers the issue.

The vulnerability enables remote attacks with no privileges required (PR:N), but exploitation demands high attack complexity (AC:H) and user interaction (UI:R). Successful exploitation results in low-impact confidentiality, integrity, and availability effects (C:L/I:L/A:L), yielding a CVSS 3.1 base score of 5.0. While considered difficult to exploit, a public exploit has been disclosed and may be usable.

Advisories recommend applying the patch with commit hash 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 to mitigate the issue. Details are documented in Sourceware Bugzilla bug 32650, including an attachment at id=15923, and VULDB entries at ctiid.295960 and id.295960.

Vulnerability details

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Memory corruption (CWE-119) in eu-readelf, triggered by crafted ELF input, enables exploitation for client-side code execution (T1203) or application crashes and denial of service (T1499.004) when users process remotely delivered malicious files.

CVEs Like This One

CVE-2025-1365 · Same product: Elfutils Project Elfutils
CVE-2025-1372 · Same product: Elfutils Project Elfutils
CVE-2026-43658 · Shared CWE-119
CVE-2024-52923 · Shared CWE-119
CVE-2025-9185 · Shared CWE-119
CVE-2026-2521 · Shared CWE-119
CVE-2026-7324 · Shared CWE-119
CVE-2026-0891 · Shared CWE-119
CVE-2026-6752 · Shared CWE-119
CVE-2026-8093 · Shared CWE-119

Affected Assets

Vendor: elfutils project · Product: elfutils · Version: 0.192

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-2 requires timely identification, reporting, and correction of flaws like the memory corruption in GNU elfutils, directly enabling application of the specified patch to eliminate the vulnerability.

Prevent: SI-16 implements memory protections such as address space layout randomization and data execution prevention, which directly mitigate exploitation of memory corruption vulnerabilities like CWE-119 in __libdw_thread_tail.

Detect: RA-5 mandates vulnerability scanning to identify the presence of CVE-2025-1352 in deployed GNU elfutils instances, enabling prioritization for remediation.
