AI description
CVE-2025-4802 is an untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library (glibc), versions 2.27 to 2.38. It allows an attacker to control which dynamically shared libraries are loaded. The issue affects statically compiled setuid binaries that call dlopen, including internal dlopen calls made after setlocale or calls to NSS functions such as getaddrinfo. By manipulating the library path seen by such a setuid binary, an attacker could potentially execute arbitrary code or escalate privileges.
- Description: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
- Source: 3ff69d7a-14f2-4f67-a097-88dee7810d18
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 3ff69d7a-14f2-4f67-a097-88dee7810d18
- CWE-426
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 11
『Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries』 CVE-2025-4802 https://t.co/qFOBTF9hBz
@autumn_good_35 (20 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
🚨 glibc CVE-2025-4802 puts Linux systems at risk of code execution. Update to glibc 2.39 now! 🔗 https://t.co/zZ6048IBuA #LinuxSecurity #glibc #CVE20254802 #Cybersecurity #InfoSec #securecybernews
@securecybernews (11 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
Top 5 Trending CVEs: 1 - CVE-2006-5051 2 - CVE-2025-4921 3 - CVE-2018-17144 4 - CVE-2025-4802 5 - CVE-2019-11248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield (16 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
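A critical vulnerability has been discovered in the GNU C Library (glibc) that allows privilege escalation and arbitrary code execution through unauthorized library loading via an environment variable (CVE-2025-4802).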
@yousukezan (2158 Impressions, 3 Retweets, 16 Likes, 5 Bookmarks, 0 Replies, 0 Quotes)
elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH (CVE-2025-4802) https://t.co/SsveHoiqKS poc demonstrated it can be hijacked as DSO: https://t.co/xtbLYdZhgx
@hardenedlinux (1494 Impressions, 6 Retweets, 13 Likes, 7 Bookmarks, 1 Reply, 1 Quote)
GLIBC-SA-2025-0002 - elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH (CVE-2025-4802) https://t.co/fLUJRl1o9r
@andersonc0d3 (555 Impressions, 2 Retweets, 12 Likes, 2 Bookmarks, 0 Replies, 0 Quotes)