CVE-2025-11083

low-risk

Published 2025-09-27

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Binutils

Affected Vendors

Gnu

References (10)

Broken Link https://sourceware.org/bugzilla/attachment.cgi?id=16353

Exploit https://sourceware.org/bugzilla/show_bug.cgi?id=33457

Exploit https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1

Patch https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d...

Permissions Required https://vuldb.com/?ctiid.326124

Third Party Advisory https://vuldb.com/?id.326124

Third Party Advisory https://vuldb.com/?submit.661277

Product https://www.gnu.org/

Exploit https://sourceware.org/bugzilla/show_bug.cgi?id=33457

Exploit https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal