CVE-2025-1181

low-risk

Published 2025-02-11

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.0/10 Medium

NETWORK / HIGH complexity

Affected Products (4)

Binutils

Active Iq Unified Manager

Ontap Select Deploy Administration Utility

Affected Vendors

Gnu Netapp

References (10)

Broken Link https://sourceware.org/bugzilla/attachment.cgi?id=15918

Broken Link https://sourceware.org/bugzilla/show_bug.cgi?id=32643

Broken Link https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a0...

Permissions Required https://vuldb.com/?ctiid.295084

Third Party Advisory https://vuldb.com/?id.295084

Exploit https://vuldb.com/?submit.495402

Product https://www.gnu.org/

Third Party Advisory https://security.netapp.com/advisory/ntap-20250425-0007/

Broken Link https://sourceware.org/bugzilla/show_bug.cgi?id=32643

Exploit https://vuldb.com/?submit.495402

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 10/34 · Low