IM
IronMonkey Threat Research

CVE-2025-11839 MEDIUM

Published: 2025-10-16 | Last Modified: 2026-05-12 | Status: Modified

Description

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Base Score: 1.7 (LOW)

AV:L/AC:L/Au:S/C:N/I:N/A:P

Access VectorLOCAL
Access ComplexityLOW
AuthenticationSINGLE
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactPARTIAL

Source: [email protected]

Type: Secondary

Exploitability Score: 3.1

Impact Score: 2.9

Base Score: 1.9 (LOW)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorLOCAL
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredLOW
User InteractionNONE
Vulnerability ConfidentialityNONE
Vulnerability IntegrityNONE
Vulnerability AvailabilityLOW
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-252
en CWE-253
[email protected] Primary
en CWE-252

Affected Products

Vendor Product Version Update Type
gnu binutils 2.45 <built-in method update of dict object at 0x702bdd607cc0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:*

References

Notification
Message here