CVE-2025-66866

7.5 HIGH

📋 TL;DR

A vulnerability in BinUtils' cp-demangle.c allows attackers to cause denial of service through crafted PE files. This affects systems using BinUtils for binary analysis or development. The issue stems from improper input validation in the d_abi_tags function.

💻 Affected Systems

Products:
  • BinUtils
Versions: 2.26
Operating Systems: Linux, Unix-like systems, Windows (via Cygwin/MinGW)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using c++filt or other BinUtils tools that process PE files with C++ mangled names.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or service disruption when processing malicious PE files, potentially affecting dependent applications.

🟠 Likely Case

Application crash or hang when processing specially crafted PE files during binary analysis operations.

🟢 If Mitigated

Limited impact with proper input validation and sandboxing of binary processing operations.

🌐 Internet-Facing: LOW - BinUtils is typically used internally for development/binary analysis, not directly exposed to internet.
🏢 Internal Only: MEDIUM - Could affect build systems, development environments, or security tools processing untrusted binaries.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept crash files available in referenced GitHub repository. Exploitation requires processing of crafted PE files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BinUtils 2.27 or later

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=XXXXX

Restart Required: No

Instructions:

1. Download the latest BinUtils from the official source.
2. Compile and install.
3. Replace the existing BinUtils binaries.
4. Verify the installation with a version check.

🔧 Temporary Workarounds

Input Validation (platform: all)

Implement strict input validation for PE files before processing with BinUtils tools.

Sandbox Processing (platform: linux)

Run BinUtils tools in isolated containers or sandboxes when processing untrusted binaries. The container image must have the BinUtils tools installed (the stock ubuntu image does not ship them), binutils-command is a placeholder for the tool being run (for example objdump or c++filt), and the input directory should be mounted read-only with networking disabled:

docker run --rm --network none -v "$(pwd)":/input:ro <image-with-binutils> binutils-command /input/file.exe
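The two workarounds above (input validation, then sandboxed processing) combined into one POSIX shell script, as an added example that is not part of the advisory or of BinUtils: a file is only handed to a BinUtils tool if it carries a well-formed PE header (MZ stub, in-bounds e_lfanew, "PE\0\0" signature), and the tool then runs in a network-less container with memory, PID and CPU caps plus a wall-clock timeout so a crash or hang stays contained. The image name BINUTILS_IMAGE, the limits, the tool name and the use of the coreutils timeout command are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): gate untrusted PE files through a
# header sanity check and a resource-limited, network-less container before
# a binutils tool ever parses them. Image, limits and `timeout` are assumptions.

# Assumed to be a locally built image with binutils 2.27 or later installed.
BINUTILS_IMAGE="${BINUTILS_IMAGE:-local/binutils-fixed:latest}"

# Print N bytes of FILE starting at byte OFFSET as contiguous lowercase hex.
hex_at() {  # FILE OFFSET N
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Convert an 8-char hex string holding a little-endian 32-bit value to decimal,
# e.g. "78563412" -> 305419896 (0x12345678).
le32_to_dec() {
    h="$1"
    b0=${h%??????}; r=${h#??}
    b1=${r%????};   r=${r#??}
    b2=${r%??};     b3=${r#??}
    echo $(( 0x$b3$b2$b1$b0 ))
}

# Return 0 when FILE looks like a PE image: a regular file of at least 64 bytes,
# "MZ" at offset 0, an e_lfanew (4 bytes at 0x3c) that keeps the signature
# inside the file, and "PE\0\0" at that offset. Anything else is refused.
looks_like_pe() {
    f="$1"
    [ -f "$f" ] || return 1
    size=$(wc -c < "$f")
    [ "$size" -ge 64 ] || return 1
    [ "$(hex_at "$f" 0 2)" = "4d5a" ] || return 1
    lfanew=$(le32_to_dec "$(hex_at "$f" 60 4)")
    [ "$lfanew" -ge 64 ] || return 1
    [ $(( lfanew + 4 )) -le "$size" ] || return 1
    [ "$(hex_at "$f" "$lfanew" 4)" = "50450000" ]
}

# Run TOOL (objdump, nm, c++filt, ...) with ARGS on FILE inside a throwaway
# container: no network, read-only root and input mount, all capabilities
# dropped, memory/PID/CPU caps and a timeout so a crash or hang ends on its own.
run_binutils_sandboxed() {  # TOOL FILE [ARGS...]
    tool="$1"; f="$2"; shift 2
    if ! looks_like_pe "$f"; then
        echo "refusing $f: not a well-formed PE file" >&2
        return 2
    fi
    dir=$(cd "$(dirname "$f")" && pwd)
    base=$(basename "$f")
    timeout 60 docker run --rm --network none --read-only --cap-drop ALL \
        --security-opt no-new-privileges --memory 512m --pids-limit 64 --cpus 1 \
        -v "$dir":/input:ro "$BINUTILS_IMAGE" "$tool" "$@" "/input/$base"
}

# Usage: sh sandbox.sh objdump suspicious.exe -d
if [ "${1:-}" != "" ] && [ "${2:-}" != "" ]; then
    run_binutils_sandboxed "$@"
fi
```

The header check is deliberately shallow: it rejects files that are not PE images at all (ELF, text, truncated uploads) but says nothing about the mangled names inside, which is where the d_abi_tags bug lives, so the container limits are what actually bound the damage when a crafted file gets through.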

🧯 If You Can't Patch

  • Restrict access to BinUtils tools to trusted users only
  • Implement network segmentation for systems running vulnerable BinUtils versions

🔍 How to Verify

Check if Vulnerable:

Check BinUtils version: c++filt --version | grep 'GNU c++filt'

Check Version:

c++filt --version | head -1

Verify Fix Applied:

Verify that the version is 2.27 or higher, then test with a known malicious PE file.
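The version check above, carried through as an added POSIX shell example (not part of the advisory): it parses MAJOR.MINOR out of the first line of c++filt --version and compares it against the 2.27 fix version named in the Official Fix section. The sample version strings are constructed, and the script assumes an upstream-style version line; distribution packages sometimes backport fixes without bumping the version, so a "below 2.27" verdict should be confirmed against the package changelog.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether the installed c++filt
# is at or above the fixed binutils release (2.27 per the advisory).

FIXED_MAJOR=2
FIXED_MINOR=27

# Read `c++filt --version` output on stdin and print MAJOR.MINOR from its
# first line. Handles "2.26", "2.26.1", "2.26-20160125" and distro suffixes.
binutils_version_from_output() {
    head -n 1 | sed -n 's/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when MAJOR.MINOR is at or above FIXED_MAJOR.FIXED_MINOR,
# 1 when it is below, 2 when the argument is not a parsable version.
binutils_is_fixed() {
    v="$1"
    case "$v" in
        [0-9]*.[0-9]*) ;;
        *) echo "unparsable version: '$v'" >&2; return 2 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    [ "$major" -gt "$FIXED_MAJOR" ] && return 0
    [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ] && return 0
    return 1
}

# Print a verdict for the c++filt on PATH: exit 0 fixed, 1 vulnerable, 2 unknown.
check_installed_cxxfilt() {
    if ! command -v c++filt >/dev/null 2>&1; then
        echo "c++filt: not installed"
        return 2
    fi
    v=$(c++filt --version | binutils_version_from_output)
    if binutils_is_fixed "$v"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "c++filt $v: at or above $FIXED_MAJOR.$FIXED_MINOR (fixed)" ;;
        1) echo "c++filt $v: below $FIXED_MAJOR.$FIXED_MINOR (vulnerable to CVE-2025-66866 unless backported)" ;;
        *) echo "c++filt: could not parse version output" ;;
    esac
    return $rc
}

# Run the host check only when invoked directly with --check.
if [ "${1:-}" = "--check" ]; then
    check_installed_cxxfilt
fi
```

Run it as sh check.sh --check on each host, or call binutils_is_fixed directly with a version string gathered by your inventory tooling; the exit code is meant to feed a fleet-wide report rather than be read by eye.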

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault logs from c++filt
  • Abnormal process termination of BinUtils tools
  • High CPU/memory usage followed by crash

Network Indicators:

  • Unusual file transfers to systems running BinUtils
  • PE files with abnormal structure being processed

SIEM Query:

process_name:"c++filt" AND (event_type:"crash" OR exit_code:139)
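A host-side counterpart to the log indicators and SIEM query above, as an added POSIX shell example that is not part of the advisory: it scans syslog/journal-style lines for a BinUtils tool dying with SIGSEGV (a kernel "segfault" record, a systemd-coredump "dumped core" record, or a CI wrapper logging exit code 139) and emits one normalized "tool reason host" line per hit, which is the shape a SIEM rule such as the one above keys on. The log lines in SAMPLE_LOG (hosts, PIDs, addresses, job numbers) are constructed for this example, and the list of tool names is an assumption (c++filt plus the other BinUtils front ends that demangle C++ names).

```shell
#!/bin/sh
# Added example (not from the advisory): flag binutils tools crashing with
# SIGSEGV in syslog-formatted lines and print "tool reason host" per hit.
# Sample lines below are constructed; the tool list is an assumption.

# Constructed sample: two c++filt crash records, one objdump exit-139 record,
# and three lines that must NOT match (a clean objdump run, sshd noise, and an
# unrelated segfault whose library name happens to contain "nm").
SAMPLE_LOG=$(cat <<'EOF'
Mar 10 09:12:01 build01 kernel: c++filt[4242]: segfault at 0 ip 00005603c1f2a1b0 sp 00007ffd3c2e1a40 error 4 in c++filt[5603c1f00000+40000]
Mar 10 09:12:01 build01 systemd-coredump[4250]: Process 4242 (c++filt) of user 1000 dumped core.
Mar 10 09:12:05 build01 sshd[1200]: Accepted publickey for dev from 10.0.0.5 port 51234 ssh2
Mar 10 09:13:40 ci-runner02 ci-agent[77]: job 4711: objdump exited with exit code 139 while disassembling upload/sample.exe
Mar 10 09:13:41 ci-runner02 ci-agent[77]: job 4712: objdump exited with exit code 0
Mar 10 09:14:02 build01 kernel: python3[5100]: segfault at 8 ip 00007f1e2b3c4d50 sp 00007ffc1a2b3c40 error 4 in libenvironment.so[7f1e2b3c0000+10000]
EOF
)

# Read log lines on stdin; for each line that names a binutils tool as a whole
# word AND carries a crash reason, print: <tool> <reason> <host>.
# Word-boundary matching keeps "nm" from firing on "environment".
detect_binutils_crashes() {
    awk '
    BEGIN {
        ntools = split("c\\+\\+filt objdump nm readelf strings addr2line", tool, " ")
        nreasons = split("segfault|dumped core|exit code 139", reason, "|")
    }
    {
        # syslog layout: "Mon DD HH:MM:SS host program[pid]: message"
        host = $4
        for (i = 1; i <= ntools; i++) {
            if ($0 ~ ("(^|[^A-Za-z0-9_])" tool[i] "($|[^A-Za-z0-9_])")) {
                for (j = 1; j <= nreasons; j++) {
                    if (index($0, reason[j]) > 0) {
                        name = tool[i]; gsub(/\\/, "", name)
                        print name, reason[j], host
                        next
                    }
                }
            }
        }
    }'
}

# Demo on the constructed sample: sh detect.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | detect_binutils_crashes
fi
```

On a live host the same function takes journalctl -k or /var/log/syslog on stdin; the "exit code 139" pattern only helps if the build or analysis wrapper actually logs child exit codes, so check that before relying on it.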
