CVE-2025-1153 : A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. A

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.

Published 2025-02-10 19:15:40

Updated 2025-04-04 23:15:42

Source VulDB

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2025-1153

GNU » Binutils » Version: 2.43
cpe:2.3:a:gnu:binutils:2.43:*:*:*:*:*:*:*
Matching versions
GNU » Binutils » Version: 2.44
cpe:2.3:a:gnu:binutils:2.44:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2025-1153

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-1153

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:N/A:P	4.9	2.9	VulDB	2025-02-10
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L	1.6	1.4	VulDB	2025-02-10
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST	2025-03-03
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
2.3	LOW	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/V...	N/A	N/A	VulDB	2025-02-10
Attack Vector: Network Attack Complexity: High Attack Requirements: None Privileges Required: None User Interaction: Passive Confidentiality (VC): None Integrity (VI): None Availability (VA): Low

CWE ids for CVE-2025-1153

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: cna@vuldb.com (Secondary)

References for CVE-2025-1153

https://www.gnu.org/

The GNU Operating System and the Free Software Movement
Product

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20250404-0005/
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150

sourceware.org Git - binutils-gdb.git/commit
Patch
https://vuldb.com/?id.295057

CVE-2025-1153 GNU Binutils format.c bfd_set_format memory corruption
Permissions Required;VDB Entry
https://vuldb.com/?submit.489991

Exploit;Third Party Advisory;VDB Entry
https://vuldb.com/?ctiid.295057

Permissions Required;VDB Entry
https://sourceware.org/bugzilla/show_bug.cgi?id=32603

Exploit;Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2025-1153

Products affected by CVE-2025-1153

Exploit prediction scoring system (EPSS) score for CVE-2025-1153

CVSS scores for CVE-2025-1153

CWE ids for CVE-2025-1153

References for CVE-2025-1153