CVE-2025-66861

2.5 LOW

📋 TL;DR

A vulnerability in the cp-demangle.c component of BinUtils allows attackers to cause a denial of service through specially crafted PE files. This affects systems that use BinUtils for binary analysis or development. The low CVSS score indicates limited impact scope.

💻 Affected Systems

Products:
  • BinUtils
Versions: 2.26 (specific version mentioned in CVE)
Operating Systems: Linux, Unix-like systems, Cross-platform tools
Default Config Vulnerable: ⚠️ Yes
Notes: Affects tools using the cp-demangle.c component, potentially including c++filt, objdump, and other BinUtils utilities.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Application crash leading to service disruption for tools using BinUtils demangling functionality.

🟠 Likely Case

Local denial of service when processing malicious PE files with affected BinUtils tools.

🟢 If Mitigated

No impact if vulnerable tools aren't processing untrusted PE files.

🌐 Internet-Facing: LOW - Typically requires local file processing, not network-accessible.
🏢 Internal Only: MEDIUM - Could affect build systems or analysis tools processing untrusted binaries.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof-of-concept showing the crash is available in a GitHub repository. Exploitation requires the ability to feed a crafted PE file to a vulnerable tool.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BinUtils version after 2.26 (check latest release)

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=XXXXX (specific bug ID not provided in CVE)

Restart Required: No

Instructions:

1. Update BinUtils to latest version from official repository.
2. Recompile any applications linked against BinUtils.
3. Verify fix with test cases.

🔧 Temporary Workarounds

Restrict PE file processing

linux

Limit processing of untrusted PE files by BinUtils tools

# Remove execute permissions from vulnerable tools
chmod -x /usr/bin/c++filt

Input validation wrapper

linux

Create script wrapper to validate PE files before processing

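#!/bin/bash
# Refuse to run c++filt when the first argument is a PE file.
# -b keeps the file name out of file(1)'s output so only the detected type is matched.
if [ -f "$1" ] && file -b -- "$1" | grep -q "PE32"; then
    # "PE32" also matches the "PE32+" (64-bit) description printed by file(1).
    echo "PE file detected - skipping" >&2
    exit 1
fi
exec /usr/bin/c++filt "$@"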

🧯 If You Can't Patch

  • Isolate BinUtils tools in sandboxed environments
  • Implement strict file upload controls for PE files
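
One way to apply the isolation advice above while also surfacing the crash indicator, as an added example that is not part of the advisory or of BinUtils: a POSIX shell wrapper that runs a tool under CPU and memory limits and logs when it is killed by a signal. The function names, limit values and log line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): contain a BinUtils tool run on an
# untrusted file and report when the tool is killed by a signal.
# Function names, limits and the log line format are assumptions.

# classify_status STATUS: map a shell exit status to a verdict string.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ]; then
        # Status 128+N means "killed by signal N"; 139 is SIGSEGV (11).
        _sig=$(( $1 - 128 ))
        echo "crashed:$(kill -l "$_sig" 2>/dev/null || echo "$_sig")"
    else
        echo "tool-error"
    fi
}

# run_contained TOOL [ARGS...]: run TOOL under CPU and memory limits.
# Tool output passes through unchanged; the verdict is written to stderr
# as a single log line. Returns 0 (ok), 1 (tool error) or 2 (tool crashed).
run_contained() {
    (
        # The subshell keeps the limits from leaking into the caller.
        ulimit -t "${CPU_LIMIT_SECS:-10}"      # CPU seconds
        ulimit -v "${MEM_LIMIT_KB:-1048576}"   # address space in KiB
        exec "$@"
    ) && _rc=0 || _rc=$?
    _verdict=$(classify_status "$_rc")
    echo "binutils-guard: tool=$1 status=$_rc verdict=$_verdict" >&2
    case $_verdict in
        ok)        return 0 ;;
        crashed:*) return 2 ;;
        *)         return 1 ;;
    esac
}

# When arguments are given, treat them as the tool command line to contain.
if [ "$#" -gt 0 ]; then
    run_contained "$@"
fi
```

A return value of 2 lets a build or analysis pipeline quarantine the input file and continue, and the stderr line can be forwarded to whatever log collection is already in place.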

🔍 How to Verify

Check if Vulnerable:

Check BinUtils version: c++filt --version | grep 'GNU c++filt'

Check Version:

c++filt --version | head -1

Verify Fix Applied:

Test with provided PoC file from GitHub repository

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault logs from c++filt or objdump
  • Core dumps from BinUtils processes

Network Indicators:

  • N/A - local file processing vulnerability

SIEM Query:

process.name:"c++filt" AND event.action:"segmentation_fault"
