CVE-2025-11495

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://sourceware.org/bugzilla/attachment.cgi?id=16393	Broken Link
https://sourceware.org/bugzilla/show_bug.cgi?id=33502	Exploit Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3	Exploit Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0	Patch
https://vuldb.com/?ctiid.327620	Permissions Required VDB Entry
https://vuldb.com/?id.327620	Third Party Advisory VDB Entry
https://vuldb.com/?submit.668290	Third Party Advisory VDB Entry
https://www.gnu.org/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:*

History

14 Oct 2025, 15:28

Type	Values Removed	Values Added
First Time		Gnu binutils Gnu
CPE		cpe:2.3:a:gnu:binutils:2.45:::::::*
References	~~() https://sourceware.org/bugzilla/attachment.cgi?id=16393 -~~	() https://sourceware.org/bugzilla/attachment.cgi?id=16393 - Broken Link
References	~~() https://sourceware.org/bugzilla/show_bug.cgi?id=33502 -~~	() https://sourceware.org/bugzilla/show_bug.cgi?id=33502 - Exploit, Issue Tracking
References	~~() https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 -~~	() https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 - Exploit, Issue Tracking
References	~~() https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 -~~	() https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 - Patch
References	~~() https://vuldb.com/?ctiid.327620 -~~	() https://vuldb.com/?ctiid.327620 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.327620 -~~	() https://vuldb.com/?id.327620 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.668290 -~~	() https://vuldb.com/?submit.668290 - Third Party Advisory, VDB Entry
References	~~() https://www.gnu.org/ -~~	() https://www.gnu.org/ - Product

08 Oct 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-08 20:15

Updated : 2025-10-14 15:28

NVD link : CVE-2025-11495

Mitre link : CVE-2025-11495

CVE.ORG link : CVE-2025-11495

JSON object : View

Products Affected

gnu

binutils

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122

Heap-based Buffer Overflow

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-11495

3.3^/10

1.7^/10

Attach tags to `CVE-2025-11495`