Home > Vulnerability Database > CVE-2025-4802

Mend.io Vulnerability Database

CVE-2025-4802

Good to know:

Date: May 16, 2025

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Severity Score

7.8

Related Resources (7)

Url: http://www.openwall.com/lists/oss-security/2025/05/17/2

Url: https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

Url: https://security-tracker.debian.org/tracker/CVE-2025-4802

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-4802

Url: https://sourceware.org/bugzilla/show_bug.cgi?id=32976

Url: http://www.openwall.com/lists/oss-security/2025/05/16/7

Url: https://www.mend.io/vulnerability-database/CVE-2025-4802

Severity Score

7.8

Weakness Type (CWE)

Untrusted Search Path

CWE-426

Top Fix

Upgrade Version

Upgrade to version https://github.com/bminor/glibc.git - glibc-2.39

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-4802

Good to know:

Date: May 16, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?