Vulnerability DatabaseCVE-2025-11412

CVE-2025-11412:
Linux Debian vulnerability analysis and mitigation

Overview

A vulnerability has been discovered in GNU Binutils version 2.45, specifically affecting the bfdelfgcrecordvtentry function within the bfd/elflink.c file of the Linker component. The vulnerability was disclosed on October 7, 2025, and requires local access to exploit (NVD).

Technical details

The vulnerability is classified as an out-of-bounds read issue in the Linker component. It has been assigned CVSS scores across multiple versions: CVSS v4.0 score of 4.8 (Medium), CVSS v3.1 score of 3.3 (Low), and is associated with CWE-125 (Out-of-bounds Read) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The vulnerability has been patched with the identifier 047435dd988a3975d40c6626a8f739a0b2e154bc (NVD).

Impact

The vulnerability's impact is primarily focused on system stability and potential information disclosure through out-of-bounds read operations. The attack requires local access to be exploited, limiting its potential impact to systems where an attacker already has local access privileges (NVD).

Mitigation and workarounds

To address this vulnerability, it is recommended to apply the available patch identified by commit 047435dd988a3975d40c6626a8f739a0b2e154bc. System administrators should prioritize updating GNU Binutils to a patched version when available (NVD).

Additional resources

Source: This report was generated using AI

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-11414	MEDIUM	4.8	Linux Debian	binutils	No	No	Oct 07, 2025
CVE-2025-11413	MEDIUM	4.8	Linux Debian	binutils	No	No	Oct 07, 2025
CVE-2025-11412	MEDIUM	4.8	Linux Debian	binutils	No	No	Oct 07, 2025
CVE-2025-8291	MEDIUM	4.3	Python Interpreter	cpe:2.3:a:python:python	No	No	Oct 07, 2025
CVE-2023-53687	N/A	N/A	Linux Kernel	kernel-rt-debug-kvm	No	Yes	Oct 07, 2025