Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-5745
CVE-2025-5745:
Linux Debian vulnerability analysis and mitigation
Overview
CVE-2025-5745 is a vulnerability discovered in the GNU C Library (glibc) version 2.40 and later, specifically affecting the strncmp implementation optimized for the Power10 processor. The vulnerability was disclosed on June 5, 2025 (NVD).
Technical details
The vulnerability stems from the strncmp implementation writing to vector registers v20 to v31 without saving contents from the caller. These registers are defined as non-volatile registers by the powerpc64le ABI. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.6 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L. The weakness has been classified as CWE-665 (Improper Initialization) (NVD).
Impact
The vulnerability can result in overwriting of register contents and potentially alter the control flow of the caller. Additionally, it may lead to leaking of input strings to the function to other parts of the program (NVD).
Mitigation and workarounds
The vulnerability affects multiple Debian releases including bullseye, bookworm, sid, and trixie. Currently, the vulnerability remains unfixed in these versions (Debian).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management