CVE-2024-58251

low-risk

Published 2025-04-23

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.5/10 Low

LOCAL / HIGH complexity

References (4)

https://bugs.busybox.net/show_bug.cgi?id=15922

https://www.busybox.net

https://www.busybox.net/downloads/

http://www.openwall.com/lists/oss-security/2025/04/23/6

/ 100

low-risk

Severity 6/34 · Minimal

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal