CVE-2025-5245

low-risk

Published 2025-05-27

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Binutils

Affected Vendors

Gnu

References (7)

Broken Link https://sourceware.org/bugzilla/attachment.cgi?id=16004

Exploit https://sourceware.org/bugzilla/show_bug.cgi?id=32829

Product https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c...

Permissions Required https://vuldb.com/?ctiid.310347

Third Party Advisory https://vuldb.com/?id.310347

Third Party Advisory https://vuldb.com/?submit.584635

Product https://www.gnu.org/

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal