CVE-2025-11083

5.3 MEDIUM

📋 TL;DR

A heap-based buffer overflow vulnerability in GNU Binutils' linker component allows local attackers to execute arbitrary code or cause denial of service. This affects systems using Binutils 2.45 for compiling or linking programs. Attackers must have local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • GNU Binutils
Versions: Version 2.45 specifically
Operating Systems: Linux, Unix-like systems using GNU Binutils
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Binutils 2.45 is installed and used for linking operations. Development/build servers are most at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, arbitrary code execution, or persistent backdoor installation.

🟠 Likely Case

Denial of service through application crashes or limited code execution within the context of the vulnerable process.

🟢 If Mitigated

Minimal impact if proper access controls limit local user privileges and process isolation is enforced.

🌐 Internet-Facing: LOW - Requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers with access to development/build systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit details have been publicly disclosed in bug reports. Attack requires local access and ability to trigger the vulnerable linker function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.46 or later

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=33457

Restart Required: No

Instructions:

1. Update Binutils to version 2.46 or later.
2. Apply the specific patch with commit hash 9ca499644a21ceb3f946d1c179c38a83be084490.
3. Recompile any affected binaries using the updated linker.

🔧 Temporary Workarounds

Restrict local user access

all

Limit access to development/build systems to trusted users only

Use alternative linker

all

Temporarily use a different linker version if available

🧯 If You Can't Patch

  • Implement strict access controls on development/build systems
  • Monitor for suspicious linking operations and process crashes

🔍 How to Verify

Check if Vulnerable:

Check the Binutils version with ld --version | grep 'GNU ld' and verify whether the reported version is 2.45.

Check Version:

ld --version | grep 'GNU ld'

Verify Fix Applied:

Verify Binutils version is 2.46 or later, or check that commit 9ca499644a21ceb3f946d1c179c38a83be084490 is applied
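
The version check above as a script, added here as an example (it is not part of the original advisory or of Binutils). The function name classify_ld and its result labels are assumptions of this example, and the sample banner lines are constructed:

```shell
# Classify the first line of `ld --version` for CVE-2025-11083.
# Per the advisory: 2.45 is affected, 2.46 or later is fixed.
# Result labels and the function name are this example's own.
classify_ld() {
    # Same filter as the page's grep: only GNU ld banner lines count.
    case "$1" in "GNU ld"*) ;; *) echo unknown; return 0 ;; esac
    # Version is the last field; cut distro suffixes such as "-3.fc43".
    ver=$(printf '%s\n' "$1" | awk '{print $NF}' | sed 's/[^0-9.].*$//')
    major=$(printf '%s\n' "$ver" | cut -d. -f1)
    minor=$(printf '%s\n' "$ver" | cut -s -d. -f2)
    rest=$(printf '%s\n' "$ver" | cut -s -d. -f3-)
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 46 ]; }; then
        echo fixed
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 45 ]; then
        # 2.45.x point or snapshot builds are not named by the advisory
        # either way, so flag them for a manual check of the fix commit.
        if [ -z "$rest" ]; then echo affected; else echo review; fi
    else
        echo not-listed   # older than 2.45: not listed as affected
    fi
}

# Constructed sample banner lines (not captured from real hosts).
for line in \
    "GNU ld (GNU Binutils) 2.45" \
    "GNU ld version 2.45-3.fc43" \
    "GNU ld (GNU Binutils) 2.45.50.20250901" \
    "GNU ld (GNU Binutils for Debian) 2.46" \
    "GNU ld (GNU Binutils for Ubuntu) 2.44"
do
    printf '%-11s %s\n' "$(classify_ld "$line")" "$line"
done

# Live check on the current host, if ld is installed.
if command -v ld >/dev/null 2>&1; then
    live=$(ld --version 2>/dev/null | grep 'GNU ld' | head -n 1)
    printf 'this host: %s (%s)\n' "$(classify_ld "$live")" "$live"
fi
```

A distribution package that backports the fix commit still reports 2.45, so an "affected" result means the package changelog should be checked for that commit before treating the host as unpatched.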

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in linker processes
  • Unusual linking operations from non-privileged users

Network Indicators:

  • None - local exploit only

SIEM Query:

(Process: ld AND (ExitCode: 139 OR ExitCode: 11)) OR (Process: as AND ExitCode: 139)
