Home > Vulnerability Database > CVE-2025-32022

Mend.io Vulnerability Database

CVE-2025-32022

Good to know:

Date: May 6, 2025

Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects everyone using Finit 4.2 or later that do not explicitly disable the plugin at build time. This bug is fixed in Finit 4.12. Those who cannot upgrade or backport the fix to urandom.c are strongly recommended to disable the plugin in the call to the "configure" script.

Severity Score

4.6

Related Resources (5)

Url: https://github.com/troglobit/finit/commit/3feff37ba51fa0a6a0a06f59682a0918aa5b04de

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32022

Url: https://github.com/troglobit/finit/security/advisories/GHSA-fv6v-vw8h-9x79

Url: https://security-tracker.debian.org/tracker/CVE-2025-32022

Url: https://www.mend.io/vulnerability-database/CVE-2025-32022

Severity Score

4.6

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version https://github.com/troglobit/finit.git - 4.12

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32022

Good to know:

Date: May 6, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?