CVE-2025-11413: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in GNU Binutils version 2.45, specifically affecting the function elflinkaddobjectsymbols in the file bfd/elflink.c of the Linker component. The vulnerability was disclosed on October 7, 2025, and involves an out-of-bounds read condition that requires local access to exploit (NVD, VulDB).

The vulnerability is classified as a memory buffer issue (CWE-125: Out-of-bounds Read) with a CVSS v3.1 base score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). The vulnerability also received a CVSS v4.0 score of 4.8 MEDIUM (Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N) (NVD).

The vulnerability primarily affects system availability through an out-of-bounds read condition. While the confidentiality and integrity impacts are rated as none, the availability impact is rated as high according to the CVSS scoring (NVD).

The vulnerability has been addressed in GNU Binutils version 2.46. A patch has been identified with the commit hash 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Users are advised to upgrade to the newer version to mitigate this vulnerability (NVD).