CVE-2025-1372
Published: 17 February 2025
Summary
CVE-2025-1372 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Elfutils Project Elfutils. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identification, testing, and installation of patches for known flaws like the buffer overflow in elfutils eu-readelf, as specified by the provided commit hash.
Implements memory protections such as stack canaries, ASLR, and non-executable memory to block exploitation of buffer overflows even in vulnerable elfutils versions.
Enables vulnerability scanning to identify deployments of vulnerable GNU elfutils 0.192, facilitating timely remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local buffer overflow in eu-readelf enables arbitrary code execution for privilege escalation from low-privileged local context.
NVD Description
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow.…
more
An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.
Deeper analysisAI
CVE-2025-1372 is a buffer overflow vulnerability in GNU elfutils version 0.192, affecting the dump_data_section and print_string_section functions within the readelf.c file of the eu-readelf component. The issue arises from manipulation of the z/x argument, classified under CWE-119 and CWE-120. It carries a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), though described as critical in advisories.
The vulnerability requires local access with low privileges to exploit, involving low complexity and no user interaction. A successful attack triggers a buffer overflow, potentially allowing limited impacts on confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service. An exploit has been publicly disclosed and may be used by local attackers.
Advisories recommend applying the patch identified by commit hash 73db9d2021cab9e23fd734b0a76a612d52a6f1db to mitigate the issue. Relevant details, including the patch attachment, are documented in Sourceware Bugzilla entries such as bug 32656 and related comments, along with VulDB entry ctiid.295981.
Details
- CWE(s)