Vulnerability-Lookup

CVE-2025-7545 (GCVE-0-2025-7545)

Vulnerability from cvelistv5 – Published: 2025-07-13 21:44 – Updated: 2025-07-15 19:53

Title

GNU Binutils objcopy.c copy_section heap-based overflow

Summary

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

URL

	Vendor	Product	Version
	GNU	Binutils	Affected: 2.45

CNVD-2025-17506

Vulnerability from cnvd - Published: 2025-08-04

Title

GNU Binutils copy_section函数缓冲区溢出漏洞

Description

GNU Binutils是一组用于处理二进制文件（如目标文件、可执行文件、库文件等）的开源工具集，主要用于编译、调试、逆向工程等领域。 GNU Binutils存在缓冲区溢出漏洞，该漏洞源于文件binutils/objcopy.c中函数copy_section未能正确验证输入数据的长度大小，攻击者可利用该漏洞导致拒绝服务。

Severity

中

Patch Name

GNU Binutils copy_section函数缓冲区溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://ftp.gnu.org/gnu/binutils/

Reference

https://sourceware.org/bugzilla/attachment.cgi?id=16117

Impacted products

Name
Gnu GNU Binutils 2.45

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-7545",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-7545"
    }
  },
  "description": "GNU Binutils\u662f\u4e00\u7ec4\u7528\u4e8e\u5904\u7406\u4e8c\u8fdb\u5236\u6587\u4ef6\uff08\u5982\u76ee\u6807\u6587\u4ef6\u3001\u53ef\u6267\u884c\u6587\u4ef6\u3001\u5e93\u6587\u4ef6\u7b49\uff09\u7684\u5f00\u6e90\u5de5\u5177\u96c6\uff0c\u4e3b\u8981\u7528\u4e8e\u7f16\u8bd1\u3001\u8c03\u8bd5\u3001\u9006\u5411\u5de5\u7a0b\u7b49\u9886\u57df\u3002\n\nGNU Binutils\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6binutils/objcopy.c\u4e2d\u51fd\u6570copy_section\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://ftp.gnu.org/gnu/binutils/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-17506",
  "openTime": "2025-08-04",
  "patchDescription": "GNU Binutils\u662f\u4e00\u7ec4\u7528\u4e8e\u5904\u7406\u4e8c\u8fdb\u5236\u6587\u4ef6\uff08\u5982\u76ee\u6807\u6587\u4ef6\u3001\u53ef\u6267\u884c\u6587\u4ef6\u3001\u5e93\u6587\u4ef6\u7b49\uff09\u7684\u5f00\u6e90\u5de5\u5177\u96c6\uff0c\u4e3b\u8981\u7528\u4e8e\u7f16\u8bd1\u3001\u8c03\u8bd5\u3001\u9006\u5411\u5de5\u7a0b\u7b49\u9886\u57df\u3002\r\n\r\nGNU Binutils\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6binutils/objcopy.c\u4e2d\u51fd\u6570copy_section\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNU Binutils copy_section\u51fd\u6570\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Gnu GNU Binutils 2.45"
  },
  "referenceLink": "https://sourceware.org/bugzilla/attachment.cgi?id=16117",
  "serverity": "\u4e2d",
  "submitTime": "2025-07-25",
  "title": "GNU Binutils copy_section\u51fd\u6570\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2025-7545

Vulnerability from fstec - Published: 03.06.2025

Title

Уязвимость компонента binutils/objcopy.c программного средства разработки GNU Binutils, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, нарушить её целостность, а также вызвать отказ в обслуживании

Description

Уязвимость компонента binutils/objcopy.c программного средства разработки GNU Binutils связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации, нарушить её целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L


                    
                      AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Vendor

Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», GNU General Public License

Software Name

Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, OpenShift Container Platform, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), GNU Binutils

Software Version

14.04 LTS (Ubuntu), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 4 (OpenShift Container Platform), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Common Edition), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), 25.04 (Ubuntu), 10 (Red Hat Enterprise Linux), 13 (Debian GNU/Linux), до 2.44 включительно (GNU Binutils), 3.8 (Astra Linux Special Edition)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Binutils: использование рекомендаций производителя: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2025-7545 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-7545 Для Ubuntu: https://ubuntu.com/security/CVE-2025-7545 Для ОС Astra Linux: обновить пакет binutils до 2.40-2.astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD Для ОС Astra Linux: обновить пакет binutils до 2.31.1-16.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17 Для ОС Astra Linux: обновить пакет binutils до 2.31.1-16.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 Для ОС Astra Linux: обновить пакет binutils до 2.28-5.astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16 Для ОС Astra Linux: обновить пакет binutils до 2.40-2.astra4+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38 Для ОС Astra Linux: обновить пакет binutils до 2.40-2.astra4+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://security-tracker.debian.org/tracker/CVE-2025-7545 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD https://access.redhat.com/security/cve/cve-2025-7545 https://ubuntu.com/security/CVE-2025-7545 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16 https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38 https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38

CWE

CWE-119, CWE-122

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": "AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, GNU General Public License",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 4 (OpenShift Container Platform), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), 25.04 (Ubuntu), 10 (Red Hat Enterprise Linux), 13 (Debian GNU/Linux), \u0434\u043e 2.44 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (GNU Binutils), 3.8 (Astra Linux Special Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Binutils:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2025-7545\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-7545\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2025-7545\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.40-2.astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.31.1-16.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.31.1-16.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.28-5.astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.40-2.astra4+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.40-2.astra4+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.09.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-11462",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-7545",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, OpenShift Container Platform, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), GNU Binutils",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Canonical Ltd. Ubuntu 24.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 25.04 , Red Hat Inc. Red Hat Enterprise Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 13 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 3.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 binutils/objcopy.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0451 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 binutils/objcopy.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0435\u0451 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2025-7545\nhttps://security-tracker.debian.org/tracker/CVE-2025-7545\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=33049\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD\nhttps://access.redhat.com/security/cve/cve-2025-7545\nhttps://ubuntu.com/security/CVE-2025-7545\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-122",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,9)"
}

GHSA-6QHW-V5WG-5JJQ

Vulnerability from github – Published: 2025-07-14 00:31 – Updated: 2025-07-14 00:31

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

1.9 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-7545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-13T22:15:23Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-6qhw-v5wg-5jjq",
  "modified": "2025-07-14T00:31:07Z",
  "published": "2025-07-14T00:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7545"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16117"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.316243"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.316243"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.614355"
    },
    {
      "type": "WEB",
      "url": "https://www.gnu.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-7545

Vulnerability from fkie_nvd - Published: 2025-07-13 22:15 - Updated: 2025-07-30 15:59

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cna@vuldb.com	https://sourceware.org/bugzilla/attachment.cgi?id=16117	Broken Link
cna@vuldb.com	https://sourceware.org/bugzilla/show_bug.cgi?id=33049	Issue Tracking
cna@vuldb.com	https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1	Issue Tracking
cna@vuldb.com	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944	Broken Link
cna@vuldb.com	https://vuldb.com/?ctiid.316243	Permissions Required, VDB Entry
cna@vuldb.com	https://vuldb.com/?id.316243	Third Party Advisory, VDB Entry
cna@vuldb.com	https://vuldb.com/?submit.614355	Third Party Advisory, VDB Entry
cna@vuldb.com	https://www.gnu.org/	Product
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1	Issue Tracking

Impacted products

	Vendor	Product	Version
	gnu	binutils	2.45

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CBCA58-29DE-4A0A-BAF0-D0188FAF4884",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en GNU Binutils 2.45. Esta vulnerabilidad afecta a la funci\u00f3n copy_section del archivo binutils/objcopy.c. Esta manipulaci\u00f3n provoca un desbordamiento del b\u00fafer en el mont\u00f3n. Es necesario atacar localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. Se recomienda aplicar un parche para solucionar este problema."
    }
  ],
  "id": "CVE-2025-7545",
  "lastModified": "2025-07-30T15:59:48.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-13T22:15:23.873",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16117"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.316243"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.316243"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.614355"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.gnu.org/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0693

Vulnerability from certfr_avis - Published: 2025-08-14 - Updated: 2025-08-14

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Valkey versions 8.1.x antérieures à 8.1.3
VMware	Tanzu	Tanzu pour Valkey versions 8.0.x antérieures à 8.0.4
VMware	Tanzu	Tanzu pour Valkey versions antérieures à 3.0.0
VMware	Tanzu	Tanzu pour Valkey versions 7.2.x antérieures à 7.2.10

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36036	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36035	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36038	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36037	2025-08-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu pour Valkey versions 8.1.x ant\u00e9rieures \u00e0 8.1.3",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 3.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-1175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2022-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
    },
    {
      "name": "CVE-2022-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
    },
    {
      "name": "CVE-2022-2874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2025-7545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
    },
    {
      "name": "CVE-2021-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
    },
    {
      "name": "CVE-2022-47008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
    },
    {
      "name": "CVE-2023-48237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
    },
    {
      "name": "CVE-2022-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
    },
    {
      "name": "CVE-2023-48706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2022-3016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
    },
    {
      "name": "CVE-2022-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2022-2208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
    },
    {
      "name": "CVE-2022-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
    },
    {
      "name": "CVE-2023-5441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2022-2287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
    },
    {
      "name": "CVE-2023-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
    },
    {
      "name": "CVE-2022-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
    },
    {
      "name": "CVE-2022-2946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2022-2862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
    },
    {
      "name": "CVE-2022-2889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-49794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
    },
    {
      "name": "CVE-2023-48235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
    },
    {
      "name": "CVE-2023-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2024-43374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
    },
    {
      "name": "CVE-2022-47007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2024-41957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2023-4781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
    },
    {
      "name": "CVE-2023-48231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
    },
    {
      "name": "CVE-2023-2609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
    },
    {
      "name": "CVE-2025-53905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
    },
    {
      "name": "CVE-2021-45078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
    },
    {
      "name": "CVE-2023-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
    },
    {
      "name": "CVE-2022-3324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2023-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
    },
    {
      "name": "CVE-2022-2257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
    },
    {
      "name": "CVE-2025-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
    },
    {
      "name": "CVE-2024-45306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
    },
    {
      "name": "CVE-2023-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2023-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
    },
    {
      "name": "CVE-2025-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2021-3928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
    },
    {
      "name": "CVE-2025-1152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2023-48233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-44840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
    },
    {
      "name": "CVE-2022-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
    },
    {
      "name": "CVE-2024-29040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
    },
    {
      "name": "CVE-2025-47268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
    },
    {
      "name": "CVE-2022-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
    },
    {
      "name": "CVE-2022-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
    },
    {
      "name": "CVE-2022-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
    },
    {
      "name": "CVE-2023-1264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
    },
    {
      "name": "CVE-2022-4293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
    },
    {
      "name": "CVE-2025-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
    },
    {
      "name": "CVE-2022-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2021-3973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2022-3256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2022-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
    },
    {
      "name": "CVE-2022-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
    },
    {
      "name": "CVE-2025-48964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
    },
    {
      "name": "CVE-2022-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
    },
    {
      "name": "CVE-2022-2980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
    },
    {
      "name": "CVE-2024-41965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
    },
    {
      "name": "CVE-2022-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
    },
    {
      "name": "CVE-2023-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
    },
    {
      "name": "CVE-2022-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
    },
    {
      "name": "CVE-2022-3297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2023-48236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-47814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
    },
    {
      "name": "CVE-2022-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2022-2284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2022-2286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
    },
    {
      "name": "CVE-2025-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
    },
    {
      "name": "CVE-2021-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
    },
    {
      "name": "CVE-2022-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
    },
    {
      "name": "CVE-2024-25260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
    },
    {
      "name": "CVE-2023-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2025-24014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2021-32256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
    },
    {
      "name": "CVE-2022-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
    },
    {
      "name": "CVE-2025-4802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
    },
    {
      "name": "CVE-2023-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
    },
    {
      "name": "CVE-2022-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2021-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
    },
    {
      "name": "CVE-2022-2845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
    },
    {
      "name": "CVE-2022-2210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2025-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2023-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
    },
    {
      "name": "CVE-2023-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
    },
    {
      "name": "CVE-2023-2610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
    },
    {
      "name": "CVE-2025-29768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2023-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
    },
    {
      "name": "CVE-2024-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
    },
    {
      "name": "CVE-2023-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2022-47010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2024-57360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57360"
    },
    {
      "name": "CVE-2022-4292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
    },
    {
      "name": "CVE-2025-22134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
    },
    {
      "name": "CVE-2025-1215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2023-48232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
    },
    {
      "name": "CVE-2022-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2022-2129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
    },
    {
      "name": "CVE-2023-48234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
    },
    {
      "name": "CVE-2025-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2024-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
    },
    {
      "name": "CVE-2023-46246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
    },
    {
      "name": "CVE-2024-43802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
    },
    {
      "name": "CVE-2025-5245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2023-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2022-47011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
    },
    {
      "name": "CVE-2022-3037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
    },
    {
      "name": "CVE-2025-53906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2025-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1153"
    },
    {
      "name": "CVE-2022-3278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
    },
    {
      "name": "CVE-2022-2206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2025-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
    },
    {
      "name": "CVE-2022-38533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2025-3198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
    },
    {
      "name": "CVE-2025-49796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
    },
    {
      "name": "CVE-2022-4141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
    },
    {
      "name": "CVE-2022-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2021-3927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
    },
    {
      "name": "CVE-2021-20197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20197"
    },
    {
      "name": "CVE-2025-1151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
    },
    {
      "name": "CVE-2025-7546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
    },
    {
      "name": "CVE-2023-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2023-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
    },
    {
      "name": "CVE-2023-5344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-2207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2023-1127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
    }
  ],
  "initial_release_date": "2025-08-14T00:00:00",
  "last_revision_date": "2025-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0693",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36036",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36036"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36035",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36035"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36038",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36038"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36037",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36037"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-7545 (GCVE-0-2025-7545)

CNVD-2025-17506

CVE-2025-7545

GHSA-6QHW-V5WG-5JJQ

FKIE_CVE-2025-7545

CERTFR-2025-AVI-0693

Solutions

Tags

Sightings

Nomenclature