Vulnerability DatabaseCVE-2025-7545

CVE-2025-7545:
Linux Debian vulnerability analysis and mitigation

Overview

A vulnerability classified as problematic was found in GNU Binutils 2.45, affecting the function copy_section of the file binutils/objcopy.c. The vulnerability was disclosed on July 13, 2025, and has been assigned CVE-2025-7545 (NVD).

Technical details

The vulnerability is a heap-based buffer overflow in the copy_section function within binutils/objcopy.c. The CVSS scores indicate moderate severity across different versions: CVSS v4.0 score of 4.8 (Medium), CVSS v3.1 score of 5.3 (Medium), and CVSS v2.0 score of 4.3 (Medium). The vulnerability has been classified under CWE-122 (Heap-based Buffer Overflow) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

Impact

The vulnerability requires local access for exploitation and can potentially lead to heap-based buffer overflow conditions. The impact is considered moderate with potential consequences for confidentiality, integrity, and availability, all rated as Low in the CVSS scoring (NVD).

Mitigation and workarounds

A patch has been released and is identified by the commit hash 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is strongly recommended to apply this patch to mitigate the vulnerability (NVD).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer?

Request vulnerability assessment

4.8

Score

Published July 13, 2025

Severity MEDIUM

CNA Score 4.8

Affected Technologies

Linux Debian
Linux Red Hat

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 1.4

Exploitation Probability (EPSS) N/A

Affected packages and libraries

gcc-toolset-14-binutils-gold
mingw-binutils-generic

Sources

NVD
Debian Security Tracker
- Debian 11, 12, 13 Severity LOWNo FixAdded at: Jul 15, 2025
Red Hat Errata
- Red Hat 7, 8, 9, 10 Severity MEDIUMNo FixAdded at: Jul 15, 2025