CVE-2025-1372

5.3 MEDIUM

📋 TL;DR

A critical buffer overflow vulnerability in GNU elfutils' eu-readelf tool allows local attackers to execute arbitrary code or cause denial of service by having eu-readelf process specially crafted ELF files. This affects systems running vulnerable versions of elfutils where eu-readelf processes untrusted ELF files. The vulnerability requires local access to the system.

💻 Affected Systems

Products:
  • GNU elfutils
Versions: up to and including 0.192
Operating Systems: Linux and other Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where eu-readelf is installed and processes untrusted ELF files. Many Linux distributions include elfutils by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, arbitrary code execution as the user running eu-readelf, or complete system crash.

🟠 Likely Case

Denial of service (eu-readelf crash) or limited code execution within the context of the user running the vulnerable binary.

🟢 If Mitigated

Minimal impact if proper access controls prevent untrusted users from running eu-readelf on malicious files.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers with access to run eu-readelf on malicious files could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access and ability to run eu-readelf on a malicious ELF file. Public exploit details available in bug tracker attachments.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 73db9d2021cab9e23fd734b0a76a612d52a6f1db

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=32656

Restart Required: No

Instructions:

1. Update the elfutils package from your distribution's repositories.
2. For source installations: apply the patch from commit 73db9d2021cab9e23fd734b0a76a612d52a6f1db and recompile.
3. Verify the eu-readelf version after the update.

🔧 Temporary Workarounds

Restrict eu-readelf execution

linux

Limit which users can execute eu-readelf using filesystem permissions or mandatory access controls

chmod 750 /usr/bin/eu-readelf
setfacl -m u:trusteduser:rx /usr/bin/eu-readelf

Remove eu-readelf

linux

Uninstall eu-readelf if not required for system operation

apt remove elfutils
yum remove elfutils
dnf remove elfutils

🧯 If You Can't Patch

  • Implement strict access controls to prevent untrusted users from running eu-readelf
  • Monitor for suspicious eu-readelf execution patterns and file access

🔍 How to Verify

Check if Vulnerable:

Run: ver=$(eu-readelf --version | grep -o '[0-9]\+\.[0-9]\+' | head -1); [ -n "$ver" ] && [ "$(printf '%s\n' "$ver" 0.192 | sort -V | tail -1)" = 0.192 ] && echo "vulnerable: $ver"

Check Version:

eu-readelf --version | grep 'elfutils'

Verify Fix Applied:

Check version is >0.192: ver=$(eu-readelf --version | grep -o '[0-9]\+\.[0-9]\+' | head -1); [ -n "$ver" ] && [ "$ver" != 0.192 ] && [ "$(printf '%s\n' "$ver" 0.192 | sort -V | head -1)" = 0.192 ] && echo "fixed: $ver"

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from eu-readelf process
  • Unusual eu-readelf execution by non-privileged users

Network Indicators:

  • None - local exploit only

SIEM Query:

process.name:"eu-readelf" AND (event.action:"segmentation_fault" OR event.outcome:"failure")
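
One way to apply the log indicators above to raw host logs, as an added example that is not part of the original advisory. It assumes the Linux kernel's "segfault at" message and systemd-coredump's "dumped core" message formats; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag eu-readelf crashes in host logs.
# Assumed formats: the Linux kernel "segfault at" line and the
# systemd-coredump "dumped core" line.

# Constructed sample log lines, for illustration only.
sample_log() {
  cat <<'EOF'
Feb 17 10:12:01 host1 kernel: [88231.120394] eu-readelf[4321]: segfault at 7ffc9a3e2ff8 ip 000055d0c1a2b3c4 sp 00007ffc9a3e3000 error 6 in eu-readelf[55d0c1a00000+5a000]
Feb 17 10:12:01 host1 systemd-coredump[4330]: Process 4321 (eu-readelf) of user 1000 dumped core.
Feb 17 10:13:44 host1 kernel: [88334.551020] readelf[4402]: segfault at 0 ip 00007f1b2c3d4e5f sp 00007ffd11223344 error 4 in libbfd.so[7f1b2c300000+120000]
Feb 17 10:15:09 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/eu-readelf -a /bin/ls
EOF
}

# Read log lines on stdin; print one summary line per eu-readelf crash.
# Normal invocations and crashes of other tools (e.g. binutils readelf)
# are ignored.
find_readelf_crashes() {
  awk '
    # A leading space lets one pattern cover both start-of-line and mid-line.
    { line = " " $0 }
    # Kernel line: "<comm>[<pid>]: segfault at <addr> ..."
    match(line, / eu-readelf\[[0-9]+\]: segfault at /) {
      s = substr(line, RSTART, RLENGTH)
      gsub(/[^0-9]/, "", s)          # only the pid digits remain
      print "kernel pid=" s
      next
    }
    # systemd-coredump line: "Process <pid> (<comm>) of user <uid> dumped core"
    match(line, /Process [0-9]+ \(eu-readelf\) of user [0-9]+ dumped core/) {
      split(substr(line, RSTART, RLENGTH), f, " ")
      print "coredump pid=" f[2] " uid=" f[6]
    }
  '
}

sample_log | find_readelf_crashes
```

On a live host the same function can read from the kernel and journal logs instead of the sample, for example by piping the output of journalctl into it.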
