#VU109844 Untrusted search path in Glibc - CVE-2025-4802
Published: May 27, 2025
Vulnerability identifier: #VU109844
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-4802
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Glibc
Glibc
Software vendor:
GNU
GNU
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted LD_LIBRARY_PATH environment variable. A local user can use the LD_LIBRARY_PATH environment variable to point to a malicious binary and execute arbitrary code with escalated privileges.
The vulnerability affects statically linked setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Remediation
Install updates from vendor's website.
External links
- http://www.openwall.com/lists/oss-security/2025/05/16/7
- http://www.openwall.com/lists/oss-security/2025/05/17/2
- https://sourceware.org/bugzilla/show_bug.cgi?id=32976
- https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
- https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2025-0002