CVE-2025-31160

low-risk

Published 2025-03-26

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.9/10 Low

LOCAL / HIGH complexity

References (11)

https://blog.bismuth.sh/blog/bismuth-found-the-atop-bug

https://github.com/Atoptool/atop

https://news.ycombinator.com/item?id=43477057

https://news.ycombinator.com/item?id=43485980

https://rachelbythebay.com/w/2025/03/26/atop/

http://www.openwall.com/lists/oss-security/2025/03/26/3

http://www.openwall.com/lists/oss-security/2025/03/27/1

http://www.openwall.com/lists/oss-security/2025/03/27/2

http://www.openwall.com/lists/oss-security/2025/03/27/3

http://www.openwall.com/lists/oss-security/2025/03/29/1

https://lists.debian.org/debian-lts-announce/2025/04/msg00013.html

/ 100

low-risk

Severity 8/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal