CVE-2025-1365
Published: 17 February 2025
Summary
CVE-2025-1365 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Elfutils Project Elfutils. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 7.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates timely remediation of known software flaws by applying the available patch (commit 5e5c0394d82c53e97750fe7b18023e6f84157b81) for this buffer overflow in GNU elfutils eu-readelf.
Provides memory protection safeguards such as non-executable stacks and address randomization to prevent exploitation of the buffer overflow triggered by D/a argument manipulation.
Requires vulnerability scanning and monitoring of feeds to identify this publicly disclosed critical buffer overflow in elfutils version 0.192.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local buffer overflow in ELF parser (eu-readelf) enables code execution via crafted input file (T1204.002) and potential privilege escalation on vulnerable systems (T1068).
NVD Description
A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue.
Deeper analysis
CVE-2025-1365 is a critical buffer overflow vulnerability in GNU elfutils version 0.192. It affects the process_symtab function in the file readelf.c within the eu-readelf component, triggered by manipulation of the D/a argument. The issue is associated with CWE-119 and CWE-120.
Local access is required for exploitation, with a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). A low-privileged local attacker can trigger the buffer overflow, achieving limited impacts on confidentiality, integrity, and availability. The exploit has been publicly disclosed.
A patch is available with commit identifier 5e5c0394d82c53e97750fe7b18023e6f84157b81, and applying it is recommended to fix the issue. Details, including the patch attachment, are documented in Sourceware Bugzilla bug 32654 and related entries.
Details
- CWE(s)