DEBIAN-CVE-2025-4802
PUBLISHED
CVSS 7.8 HIGH
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | glibc | 2.36-9, 2.36-9, 2.36-9 |
| Debian:13 | glibc | 0, 0 |
| Debian:11 | glibc | 2.31-13, *, 2.31-13 |
| Debian:14 | glibc | 0, 0 |
Exploit Intelligence
- Proof of Concept for a statically compiled setuid binary vulnerable to dlopen with LD_LIBRARY_PATH (github-poc-repo)
- Proof of Concept for a statically compiled setuid binary vulnerable to dlopen with LD_LIBRARY_PATH (github-poc)
- summary.html (github-poc)
- dhi-victoriametrics-vmstorage.vex.json (github-poc)
- ghost_report_20260112_192608.json (github-poc)
- ghost_report_20260112_175243.json (github-poc)
- ghost_report_20260112_182220.json (github-poc)
Timeline
- May 16, 2025 CVE Published
- Apr 28, 2026 CVE Updated