CVE-2025-5898
📋 TL;DR
A critical out-of-bounds write vulnerability in GNU PSPP's parse_variables_option function allows local attackers to execute arbitrary code or crash the application. This affects users running vulnerable versions of PSPP, particularly those processing untrusted data files. The vulnerability requires local access to exploit.
💻 Affected Systems
- GNU PSPP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise via arbitrary code execution.
Likely Case
Application crash (denial of service) or limited code execution in the context of the PSPP process.
If Mitigated
Minimal impact if proper access controls prevent local users from running malicious PSPP commands.
🎯 Exploit Status
Exploit has been publicly disclosed and requires local access to execute malicious PSPP commands.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check GNU Savannah bug report #67071 for patched version
Vendor Advisory: https://savannah.gnu.org/bugs/index.php?67071
Restart Required: No
Instructions:
1. Check GNU Savannah for patched version.
2. Update PSPP to patched version.
3. Verify fix by testing with proof-of-concept.
🔧 Temporary Workarounds
Restrict PSPP execution
Linux: Limit which users can execute PSPP commands to prevent exploitation
chmod 750 /usr/bin/pspp
setfacl -m u:trusteduser:rx /usr/bin/pspp
Avoid processing untrusted files
All platforms: Do not use pspp-convert on untrusted data files from unknown sources
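A check that the "Restrict PSPP execution" workaround is actually in effect, covering pspp-convert as well as pspp. This is an added example, not part of the advisory or of PSPP; the /usr/bin/pspp-convert path, the function names and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example: audit whether PSPP binaries are still runnable by every
# local user. Assumes GNU coreutils `stat` (Linux); paths are assumptions.

# Return 0 if the "other" class holds the execute bit on the file.
other_can_exec() {
    mode=$(stat -c '%a' "$1") || return 2   # octal mode, e.g. 755 or 4755
    last=${mode#"${mode%?}"}                # last octal digit = "other" bits
    [ $((last & 1)) -eq 1 ]
}

# Print one status line per binary.
# Return 1 if any existing binary is still world-executable.
audit_pspp_perms() {
    rc=0
    for bin in "$@"; do
        if [ ! -e "$bin" ]; then
            echo "SKIP  $bin (not installed)"
        elif other_can_exec "$bin"; then
            echo "OPEN  $bin (mode $(stat -c '%a' "$bin")): any local user can run it"
            rc=1
        else
            echo "OK    $bin (mode $(stat -c '%a' "$bin"))"
        fi
    done
    return $rc
}

# Named-user ACL entries (setfacl -m u:NAME:rx) do not change the "other"
# bits, so this check stays valid after granting access to trusted users.
audit_pspp_perms /usr/bin/pspp /usr/bin/pspp-convert \
    || echo "Workaround not fully applied: restrict the binaries marked OPEN"
```

Run it after applying the chmod and setfacl commands; a binary reported as OPEN is still executable by every local account.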
🧯 If You Can't Patch
- Implement strict access controls to limit which users can run PSPP commands
- Monitor for suspicious PSPP process execution and file processing activities
🔍 How to Verify
Check if Vulnerable:
Check if PSPP version contains the vulnerable commit 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb or test with public proof-of-concept
Check Version:
pspp --version
Verify Fix Applied:
Test with the disclosed exploit to confirm it no longer triggers the out-of-bounds write
📡 Detection & Monitoring
Log Indicators:
- Unusual PSPP process crashes
- Multiple failed pspp-convert executions
- Suspicious file processing patterns
Network Indicators:
- None - local exploitation only
SIEM Query:
((Process:pspp OR Process:pspp-convert) AND (EventID:1000 OR EventID:1001)) OR CommandLine:*malicious*