CVE-2025-69650
Published: 06 March 2026
Summary
CVE-2025-69650 is a high-severity Double Free (CWE-415) vulnerability in GNU Binutils. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 35.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Double-free in readelf on crafted ELF input directly enables application crash for DoS (T1499.004 Application or System Exploitation); no code execution or other impacts observed.
NVD Description
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
Deeper analysis
CVE-2025-69650, published on 2026-03-06, is a double free vulnerability (CWE-415) in the readelf tool of GNU Binutils versions through 2.46. The issue arises when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, the dump_relocations function may return early without initializing the all_relocations array, causing process_got_section_contents to pass an uninitialized r_symbol pointer to free(). This triggers a double free, terminating the program with SIGABRT. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
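The pattern described above, reduced to a constructed C illustration (an added example, not binutils source and not the upstream fix): a parser that can return early leaves an array unwritten, and a cleanup loop then frees every slot. `reloc_entry`, `parse_relocs`, `release_relocs` and `dump_relocs_demo` are hypothetical names, and zero-initializing with `calloc` is a general mitigation assumed here for illustration.

```c
/* Constructed illustration; hypothetical names, not binutils source. */
#include <stdlib.h>
#include <string.h>

typedef struct { char *r_symbol; } reloc_entry;

/* Parser stand-in: fills every slot, or returns 0 early on malformed
   input and leaves the array exactly as the caller allocated it. */
int parse_relocs(reloc_entry *out, size_t count, int malformed)
{
    if (malformed)
        return 0;                        /* early return: nothing written */
    for (size_t i = 0; i < count; i++) {
        out[i].r_symbol = malloc(8);
        if (out[i].r_symbol == NULL)
            return 0;                    /* later slots stay unwritten */
        strcpy(out[i].r_symbol, "sym");
    }
    return 1;
}

/* Cleanup that trusts every slot to hold NULL or a live heap pointer.
   Returns how many non-NULL pointers it handed to free(). */
size_t release_relocs(reloc_entry *arr, size_t count)
{
    size_t freed = 0;
    for (size_t i = 0; i < count; i++) {
        if (arr[i].r_symbol != NULL)
            freed++;
        free(arr[i].r_symbol);           /* free(NULL) is a no-op */
    }
    free(arr);
    return freed;
}

/* zero_init = 0: malloc leaves stale bytes in each slot (the weak form);
   after an early return the cleanup frees whatever those bytes are.
   zero_init = 1: calloc zeroes the slots (null pointers on mainstream
   platforms), so an early return leaves nothing for free() to act on. */
size_t dump_relocs_demo(size_t count, int malformed, int zero_init)
{
    reloc_entry *arr = zero_init ? calloc(count, sizeof *arr)
                                 : malloc(count * sizeof *arr);
    if (arr == NULL)
        return 0;
    parse_relocs(arr, count, malformed);
    return release_relocs(arr, count);
}
```

Calling `dump_relocs_demo(n, 1, 0)` is undefined behaviour by construction; building with `-fsanitize=address` makes the invalid `free()` visible instead of relying on the allocator to abort.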
Attackers can exploit this by providing a specially crafted ELF binary to readelf, requiring no privileges or user interaction and feasible over a network vector per the CVSS assessment. Exploitation results in denial of service through process crash, with no evidence of exploitable memory corruption or code execution observed.
Sourceware Bugzilla entries 33698 and 33700 track the issue, with fixes committed to the Binutils-GDB git repository, including changes at 81e90cf63a10ad11772c2437c8f2a88f1a00c739 and ea4bc025abdba85a90e26e13f551c16a44bfa92. Third parties dispute the CVE, stating the behavior occurred only in pre-release code and does not affect tagged versions.
No real-world exploitation has been reported.
Details
- CWE(s)