CVE-2025-29481 — Vulnetix

CVE-2025-29481 PUBLISHED

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

EPSS 0.12% · 30.6th percentile

Risk Scores

EPSS Score

0.12%

30.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	bpftool	1.5.0
Bitnami	bpftool	1.5.0, 1.5.0, 1.5.0

Exploit Intelligence

https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md (cve.org)

Timeline

Apr 7, 2025 CVE Published
Apr 8, 2025 EPSS Score
Apr 11, 2025 Coalition ESS Score
Apr 21, 2025 EPSS Score
May 3, 2025 EPSS Score
May 16, 2025 EPSS Score
May 20, 2025 Coalition ESS Score
May 29, 2025 EPSS Score
Jun 10, 2025 EPSS Score
Jun 23, 2025 EPSS Score
Jul 6, 2025 EPSS Score
Jul 11, 2025 Coalition ESS Score

References

https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md url
https://nvd.nist.gov/vuln/detail/CVE-2025-29481 url

Open in Interactive Console →