CVE-2025-66864

7.5 HIGH

📋 TL;DR

A vulnerability in BinUtils' cp-demangle.c allows attackers to cause denial of service through crafted PE files. This affects systems using BinUtils for binary analysis or development. The issue stems from improper input validation in the d_print_comp_inner function.

💻 Affected Systems

Products:
  • BinUtils
Versions: Version 2.26 specifically mentioned; potentially other versions with similar code.
Operating Systems: Linux, Unix-like systems, Windows (through Cygwin/MinGW)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using c++filt or other BinUtils tools that process PE files with C++ mangled names.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or unavailability of BinUtils-dependent services, potentially disrupting build pipelines or security analysis tools.

🟠 Likely Case: Application crashes when processing malicious PE files, causing temporary service disruption for tools using c++filt or related demangling functions.

🟢 If Mitigated: Limited impact with proper input validation and sandboxing of file processing operations.

🌐 Internet-Facing: MEDIUM - Only affects systems that process untrusted PE files from external sources.
🏢 Internal Only: LOW - Requires processing of specifically crafted PE files, which is uncommon in most internal workflows.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept crash files are publicly available in GitHub repositories. Exploitation requires the attacker to provide a crafted PE file to vulnerable BinUtils tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check BinUtils repository for fixes after version 2.26

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=[CVE-2025-66864]

Restart Required: No

Instructions:

1. Check current BinUtils version.
2. Update to patched version from official repository.
3. Recompile if using source distribution.
4. Verify fix with test cases.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement pre-processing validation for PE files before passing to BinUtils tools.

# Example: Use file command to verify file type before processing
file --mime-type input_file | grep -q 'application/x-dosexec' && echo 'PE file detected'

Sandbox Execution (platform: linux)

Run BinUtils tools in isolated containers or sandboxes to limit crash impact.

# Replace binutils-command with the tool to run (e.g. c++filt, objdump); quote $(pwd) so paths with spaces survive
docker run --rm -v "$(pwd)":/data ubuntu binutils-command /data/input_file
firejail --net=none c++filt input_file

🧯 If You Can't Patch

  • Restrict processing of untrusted PE files through BinUtils tools
  • Implement monitoring and alerting for BinUtils process crashes

🔍 How to Verify

Check if Vulnerable:

Test with provided PoC files from GitHub references using c++filt or objdump on PE files.

Check Version:

c++filt --version 2>&1 | head -1

Verify Fix Applied:

Attempt to process PoC files with updated BinUtils; should not crash.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from c++filt, objdump, or other BinUtils processes
  • Abnormal process termination with signal 11 (SIGSEGV)

Network Indicators:

  • Unusual file uploads followed by BinUtils process crashes

SIEM Query:

process_name IN ('c++filt', 'objdump', 'readelf') AND exit_code = 139
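The sandbox and monitoring advice above can be combined in a small wrapper: run the BinUtils tool on the untrusted input with core dumps disabled, classify the exit status (139 = 128 + SIGSEGV, the same `exit_code = 139` the SIEM query matches), and emit one log line per invocation. This is an added example, not code from the advisory or from the Binutils project; `run_guarded` and `classify_exit` are names chosen here, and the test input uses a shell process that kills itself with SIGSEGV as a stand-in for a crashing demangler, since no crafted PE file is included.

```shell
#!/bin/sh
# Added example (not part of the advisory): contain and log crashes of a
# BinUtils tool run over untrusted input.

# classify_exit STATUS -> prints ok | crash_sigsegv | killed_by_signal_N | error_N
# Exit statuses above 128 mean the child died from signal (STATUS - 128).
classify_exit() {
  status=$1
  if [ "$status" -eq 0 ]; then
    echo ok
  elif [ "$status" -gt 128 ]; then
    sig=$((status - 128))
    if [ "$sig" -eq 11 ]; then
      echo crash_sigsegv          # SIGSEGV: the failure mode described for cp-demangle.c
    else
      echo "killed_by_signal_$sig"
    fi
  else
    echo "error_$status"          # tool ran to completion but reported an error
  fi
}

# run_guarded CMD [ARGS...]
# Runs CMD in a subshell with core dumps disabled, logs a key=value line on
# stderr that a SIEM can parse (process_name, exit_code, verdict), and
# returns the tool's own exit status so callers can still branch on it.
run_guarded() {
  ( ulimit -c 0 2>/dev/null; exec "$@" ) >/dev/null 2>&1
  status=$?
  verdict=$(classify_exit "$status")
  printf '%s process_name=%s exit_code=%s verdict=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$status" "$verdict" >&2
  return "$status"
}

# Usage (constructed stand-in for "c++filt untrusted_input"): the child kills
# itself with SIGSEGV, so the wrapper logs exit_code=139 verdict=crash_sigsegv.
# run_guarded sh -c 'kill -SEGV $$'
```

In production the first argument would be `c++filt`, `objdump` or `readelf` (ideally already inside the firejail or container from the sandbox section), and the stderr line would be shipped to the log pipeline that backs the SIEM query.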
