Home > Vulnerability Database > CVE-2025-54409

Mend.io Vulnerability Database

CVE-2025-54409

Good to know:

Date: August 14, 2025

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.

Severity Score

6.2

Related Resources (6)

Url: https://security-tracker.debian.org/tracker/CVE-2025-54409

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54409

Url: https://github.com/aide/aide/security/advisories/GHSA-79g7-f8rv-jcxh

Url: https://github.com/aide/aide/commit/54a6d0d9d5f14b81961d66373c0291bf4af4135a

Url: https://github.com/aide/aide/releases/tag/v0.19.2

Url: https://www.mend.io/vulnerability-database/CVE-2025-54409

Severity Score

6.2

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version https://github.com/aide/aide.git - v0.19.2

Learn More

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54409

Good to know:

Date: August 14, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?