Login Sign Up

CVE-2025-8842

5.3 MEDIUM

📋 TL;DR

A use-after-free vulnerability in NASM Netwide Assembler 2.17rc0 allows local attackers to potentially execute arbitrary code or cause denial of service. The vulnerability exists in the do_directive function of preproc.c and requires local access to exploit. Users and systems running the affected NASM version are at risk.

💻 Affected Systems

Products:
  • NASM Netwide Assembler
Versions: 2.17rc0
Operating Systems: All platforms where NASM runs (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific release candidate version 2.17rc0. Stable releases and other versions are not affected.

📦 What is this software?

Netwide Assembler by Nasm

View all CVEs affecting Netwide Assembler →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise or arbitrary code execution with the privileges of the NASM process.

🟠

Likely Case

Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢

If Mitigated

Minimal impact if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers could exploit this if they have access to systems running vulnerable NASM.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit has been publicly disclosed but requires local access. Attack complexity is medium due to the need for specific manipulation of the do_directive function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.17rc1 or later

Vendor Advisory: https://bugzilla.nasm.us/show_bug.cgi?id=3392933

Restart Required: No

Instructions:

1. Check current NASM version with 'nasm -v'. 2. If version is 2.17rc0, download and install the patched version from the official NASM repository. 3. Verify installation with 'nasm -v' to confirm version is 2.17rc1 or later.

🔧 Temporary Workarounds

Downgrade to stable version

linux

Replace vulnerable 2.17rc0 with the latest stable release (2.16.01 or earlier)

sudo apt remove nasm
sudo apt install nasm=2.16.01-1

Restrict NASM usage

all

Limit execution of NASM to trusted users only using file permissions or access controls

sudo chmod 750 /usr/bin/nasm
sudo chown root:trustedgroup /usr/bin/nasm

🧯 If You Can't Patch

  • Implement strict access controls to limit who can execute NASM binaries
  • Monitor systems for abnormal NASM process behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Run 'nasm -v' and check if output contains '2.17rc0'

Check Version:

nasm -v

Verify Fix Applied:

Run 'nasm -v' and confirm version is 2.17rc1 or later, or test with the proof-of-concept exploit to verify it no longer works

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from NASM processes
  • Abnormal memory access patterns in system logs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process:name='nasm' AND EventID=1000 OR EventID=APPCRASH

📊 Metadata

CVE ID: CVE-2025-8842
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-119
EPSS Score: 0.03% exploit probability (8.8th percentile)
Published: August 11, 2025
Last Updated: September 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8842, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)