CVE-2025-65411

7.5 HIGH

📋 TL;DR

A NULL pointer dereference vulnerability in GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) by injecting a crafted payload into the search_path parameter. This affects systems running the vulnerable version of GNU Unrtf, potentially crashing the application when processing malicious input.

💻 Affected Systems

Products:
  • GNU Unrtf
Versions: Version 0.21.10 specifically
Operating Systems: All operating systems running GNU Unrtf
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where unrtf processes untrusted input via the search_path parameter.

📦 What is this software?

Unrtf by Unrtf Project

UnRTF is a command-line utility that converts Rich Text Format (RTF) documents to other formats including HTML, LaTeX, and plain text. It is commonly used in document processing pipelines and text extraction workflows where RTF files need to be converted to more accessible formats.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash leading to denial of service, potentially disrupting document conversion workflows that rely on unrtf.

🟠 Likely Case

Application crash when processing maliciously crafted input, requiring restart of the unrtf process.

🟢 If Mitigated

No impact if input validation or proper error handling is implemented.

🌐 Internet-Facing: LOW - unrtf is typically not exposed directly to the internet as a service.
🏢 Internal Only: MEDIUM - could be exploited by malicious users or processes with access to the system running unrtf.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a specific parameter and requires crafting a payload to trigger the NULL pointer dereference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check upstream for patched version as this is a recent CVE

Vendor Advisory: https://lists.gnu.org/archive/html/bug-unrtf/2025-11/msg00000.html

Restart Required: No

Instructions:

1. Monitor GNU Unrtf project for security updates.
2. Apply the official patch when available.
3. Recompile from source if using source distribution.

🔧 Temporary Workarounds

Input Validation (all platforms)

Validate and sanitize all input passed to the search_path parameter

Process Isolation (all platforms)

Run unrtf in a sandboxed or containerized environment to limit impact

🧯 If You Can't Patch

  • Restrict unrtf usage to trusted inputs only
  • Monitor for crash events and implement automatic restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check unrtf version with 'unrtf --version' and verify if it's 0.21.10

Check Version:

unrtf --version

Verify Fix Applied:

After patching, test with known malicious payloads to ensure the application doesn't crash

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Segmentation fault errors in system logs

SIEM Query:

source="system_logs" AND ("segmentation fault" OR ("unrtf" AND "crash"))
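
Added example (not part of the original advisory or the unrtf project): a triage script for the "segmentation fault" log indicator above. It keeps only crashes of the unrtf process and flags faults at near-zero addresses, which is what a NULL pointer dereference produces. It assumes the Linux kernel's "segfault at ADDR ip ... sp ... error N" log format and a 4 KiB NULL-page threshold; the function name and the sample log lines are constructed for illustration.

```python
import re

# Linux kernel segfault record (assumed format), e.g.
#   unrtf[4242]: segfault at 0 ip ... sp ... error 4 in unrtf[...]
SEGFAULT_RE = re.compile(
    r"\b(?P<comm>[^\s\[\]]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
)

# Assumption: faults inside the first 4 KiB page are NULL dereferences
# (NULL itself, or a small struct-member offset from a NULL pointer).
NULL_PAGE_LIMIT = 0x1000


def find_unrtf_crashes(lines, process="unrtf"):
    """Return one dict per kernel segfault record that belongs to `process`."""
    hits = []
    for line in lines:
        m = SEGFAULT_RE.search(line)
        if not m or m.group("comm") != process:
            continue  # not a segfault record, or a different program crashed
        addr = int(m.group("addr"), 16)
        hits.append({
            "pid": int(m.group("pid")),
            "fault_addr": addr,
            "null_deref": addr < NULL_PAGE_LIMIT,
            "line": line.rstrip("\n"),
        })
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "Nov 12 10:01:07 conv01 kernel: [88211.120] unrtf[4242]: segfault at 0 ip 0000556b1c2d3e4f sp 00007ffd1a2b3c40 error 4 in unrtf[556b1c2c0000+1f000]",
    "Nov 12 10:01:09 conv01 kernel: [88213.554] python3[4250]: segfault at 7f10deadb000 ip 00007f10a1b2c3d4 sp 00007ffc0a0b0c00 error 6 in libfoo.so[7f10a1b00000+40000]",
    "Nov 12 10:02:30 conv01 cron[911]: (convert) CMD (unrtf --html /srv/in/report.rtf)",
    "Nov 12 10:03:44 conv01 kernel: [88368.009] unrtf[4311]: segfault at 18 ip 0000556b1c2d3e61 sp 00007ffe55aa1100 error 4 in unrtf[556b1c2c0000+1f000]",
]

if __name__ == "__main__":
    for hit in find_unrtf_crashes(SAMPLE_LOG):
        kind = "NULL-page fault" if hit["null_deref"] else "other fault"
        print(f"pid={hit['pid']} addr={hit['fault_addr']:#x} {kind}")
```

Matching on the process name in the kernel record avoids alerting on every segmentation fault on the host and on benign lines that merely mention unrtf, such as the cron entry in the sample.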
