CVE-2025-69650
Published: 06 March 2026
Summary
CVE-2025-69650 is a high-severity Double Free (CWE-415) vulnerability in GNU Binutils. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 36.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-69650, published on 2026-03-06, is a double free vulnerability (CWE-415) in the readelf tool of GNU Binutils versions through 2.46. The issue arises when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, the dump_relocations function may return early without initializing the all_relocations array, causing process_got_section_contents to pass an uninitialized r_symbol pointer to free(). This triggers a double free, terminating the program with SIGABRT. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker triggers the bug by getting readelf to process a specially crafted ELF binary. Per the CVSS assessment, this requires no privileges or user interaction and is feasible over a network vector. Exploitation results in denial of service through a process crash; no evidence of exploitable memory corruption or code execution was observed.
Sourceware Bugzilla entries 33698 and 33700 track the issue, with fixes committed to the Binutils-GDB git repository, including changes at 81e90cf63a10ad11772c2437c8f2a88f1a00c739 and ea4bc025abdba85a90e26e13f551c16a44bfa92. Third parties dispute the CVE, stating the behavior occurred only in pre-release code and does not affect tagged versions.
No real-world exploitation has been reported.
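The failure pattern described above (an early return that leaves per-entry pointers unset before a cleanup pass calls free() on them), shown in a defensive form as an added C example that is not code from Binutils or from this page. The structs, the functions collect_relocs and release_relocs, and the sample symbol names are hypothetical; only the field name r_symbol is taken from the description.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not the binutils data structures. */
struct reloc_entry { char *r_symbol; };              /* heap string or NULL */
struct reloc_table { struct reloc_entry *entries; size_t capacity; };

/* Hypothetical stand-in for the relocation dump step. Returns 0 on success,
   -1 when the constructed input is treated as malformed at index `bad`. */
static int collect_relocs(struct reloc_table *t, const char *const *names, size_t n, size_t bad)
{
    /* calloc zeroes every r_symbol, so an early return cannot leave
       indeterminate pointers for the cleanup path to hand to free(). */
    t->entries = calloc(n ? n : 1, sizeof *t->entries);
    t->capacity = t->entries ? n : 0;
    if (t->entries == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (i == bad)
            return -1;                   /* early return: remaining slots stay NULL */
        size_t len = strlen(names[i]) + 1;
        if ((t->entries[i].r_symbol = malloc(len)) == NULL)
            return -1;
        memcpy(t->entries[i].r_symbol, names[i], len);
    }
    return 0;
}

/* Cleanup that is safe after an early return and safe to call twice.
   Returns the number of symbol strings actually freed. */
static size_t release_relocs(struct reloc_table *t)
{
    size_t freed = 0;
    for (size_t i = 0; i < t->capacity; i++) {
        if (t->entries[i].r_symbol != NULL) {
            free(t->entries[i].r_symbol);
            t->entries[i].r_symbol = NULL;   /* a repeated pass sees NULL */
            freed++;
        }
    }
    free(t->entries);                        /* free(NULL) is a no-op */
    t->entries = NULL;
    t->capacity = 0;
    return freed;
}

int main(void)
{
    const char *names[] = { "puts", "exit", "malloc" };   /* constructed input */
    struct reloc_table t;
    int rc = collect_relocs(&t, names, 3, 1);             /* malformed at index 1 */
    return (rc == -1 && release_relocs(&t) == 1 && release_relocs(&t) == 0) ? 0 : 1;
}
```

Building a model like this with -fsanitize=address is a quick way to confirm that the cleanup path never frees an unset or already-freed pointer.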
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208346
Vulnerability details
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Double-free in readelf on crafted ELF input directly enables application crash for DoS (T1499.004 Application or System Exploitation); no code execution or other impacts observed.
Mitigating Controls (NIST 800-53 r5)
Directly remediates the double free vulnerability in GNU Binutils readelf by applying vendor-committed fixes to versions through 2.46.
Vulnerability scanning detects installations of vulnerable GNU Binutils readelf versions exposed to crafted ELF binaries.
Runtime memory protections detect double free during GOT relocation handling, limiting impact to observed DoS crash.