CVE-2025-66865

7.5 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability exists in the cp-demangle.c file of BinUtils 2.26, specifically in the d_print_comp_inner function. Attackers can exploit this by crafting a malicious PE file to cause a denial of service (crash) or potentially execute arbitrary code. This affects systems using BinUtils tools like cxxfilt, objdump, or readelf to process PE files.

💻 Affected Systems

Products:
  • BinUtils
  • GNU BinUtils
Versions: Version 2.26 specifically
Operating Systems: Linux, Unix-like systems, Windows (if compiled from source)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where BinUtils 2.26 is installed and used to process PE (Portable Executable) files. Many distributions ship newer versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise if the vulnerable binary processes attacker-controlled PE files.

🟠 Likely Case: Denial of service through application crash when processing malicious PE files.

🟢 If Mitigated: Limited impact if BinUtils tools are not used to process untrusted PE files.

🌐 Internet-Facing: MEDIUM - Risk exists if web applications or services use BinUtils to process uploaded PE files.
🏢 Internal Only: LOW - Typically requires local access or specific workflows involving PE file analysis.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept crash demonstration is publicly available. Weaponization for RCE would require additional exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BinUtils 2.27 or later

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=XXXXX

Restart Required: No

Instructions:

1. Check the current BinUtils version: `objdump --version`.
2. Update using the package manager: `sudo apt update && sudo apt upgrade binutils` (Debian/Ubuntu) or `sudo yum update binutils` (RHEL/CentOS).
3. Verify the update: `objdump --version | head -1`.

🔧 Temporary Workarounds

Restrict PE file processing (applies to: all)

Limit use of BinUtils tools on untrusted PE files.

Use alternative tools (applies to: all)

Replace vulnerable BinUtils tools with updated versions or alternatives for PE file analysis.

🧯 If You Can't Patch

  • Implement strict input validation for PE files processed by BinUtils tools.
  • Isolate systems using BinUtils 2.26 and restrict network access.

🔍 How to Verify

Check if Vulnerable:

Run `objdump --version | head -1` and check whether the output contains '2.26'. If it does, the system is vulnerable.

Check Version:

objdump --version | head -1

Verify Fix Applied:

After update, run `objdump --version | head -1` and confirm version is 2.27 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from cxxfilt, objdump, or readelf processes
  • Abnormal process termination with signal 11 (SIGSEGV)

Network Indicators:

  • Unusual PE file uploads to systems running BinUtils tools

SIEM Query:

process_name IN ('cxxfilt', 'objdump', 'readelf') AND exit_code = 139
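As an added example (not part of the original advisory), the following Python script applies the two log indicators above to constructed sample log lines: it flags a kernel segfault message or an exit code of 139 (128 + SIGSEGV) for the named BinUtils tools and merges both records for the same process. The log format, host names and PIDs are assumptions made for the sample.

```python
import re

# Constructed sample log lines (not from any real system), in the two shapes
# the detection section describes: kernel segfault messages and process exit
# records carrying exit code 139 (128 + SIGSEGV).
SAMPLE_LOGS = [
    "Mar 12 10:01:02 build01 kernel: objdump[4321]: segfault at 7ffd0000 ip 000055d1 sp 00007ffd error 4 in objdump[55d1+2000]",
    "Mar 12 10:01:03 build01 ci-runner: process_name=objdump pid=4321 exit_code=139",
    "Mar 12 10:02:10 build01 kernel: cxxfilt[4400]: segfault at 0 ip 0000 sp 0000 error 6 in cxxfilt[5000+1000]",
    "Mar 12 10:02:11 build01 ci-runner: process_name=readelf pid=4450 exit_code=0",
    "Mar 12 10:03:00 build01 kernel: python3[5000]: segfault at 0 ip 0 sp 0 error 4 in python3[1+1]",
    "Mar 12 10:03:30 build01 ci-runner: process_name=readelf pid=4460 exit_code=1",
]

WATCHED = ("cxxfilt", "objdump", "readelf")  # tools named on the page
SIGSEGV_EXIT = 139  # shells report 128 + signal number; SIGSEGV is signal 11

# Kernel segfault report: "kernel: <name>[<pid>]: segfault at ..."
KERNEL_RE = re.compile(r"kernel: (?P<name>[\w+.-]+)\[(?P<pid>\d+)\]: segfault at")
# key=value exit record using the same field names as the SIEM query above
EXIT_RE = re.compile(r"process_name=(?P<name>[\w+.-]+) pid=(?P<pid>\d+) exit_code=(?P<code>\d+)")


def find_binutils_crashes(lines):
    """Return {(process, pid): {sources}} for every watched BinUtils tool that
    died with SIGSEGV, where a source is 'kernel_segfault' or 'exit_code_139'.
    Both records for the same pid are merged into one entry."""
    crashes = {}
    for line in lines:
        m = KERNEL_RE.search(line)
        if m and m.group("name") in WATCHED:
            key = (m.group("name"), int(m.group("pid")))
            crashes.setdefault(key, set()).add("kernel_segfault")
            continue
        m = EXIT_RE.search(line)
        if m and m.group("name") in WATCHED and int(m.group("code")) == SIGSEGV_EXIT:
            key = (m.group("name"), int(m.group("pid")))
            crashes.setdefault(key, set()).add("exit_code_139")
    return crashes


if __name__ == "__main__":
    for (proc, pid), sources in find_binutils_crashes(SAMPLE_LOGS).items():
        print(f"ALERT: {proc} (pid {pid}) crashed with SIGSEGV [{', '.join(sorted(sources))}]")
```

A crash of an unrelated process (the python3 line) and clean or non-signal exits of the watched tools are deliberately not reported.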
