Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4k1k-tmj9-zyar
Vulnerability ID VCID-4k1k-tmj9-zyar
Aliases CVE-2025-1152
Summary binutils: GNU Binutils ld xstrdup.c xstrdup memory leak
Status Published
Exploitability 0.5
Weighted Severity 2.8
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-772 Missing Release of Resource after Effective Lifetime
CWE-401 Missing Release of Memory after Effective Lifetime
CWE-404 Improper Resource Shutdown or Release
System Score Found at
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1152.json
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2025-1152
cvssv3.1 0 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 2.6 https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv3 3.1 https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv3.1 3.1 https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv4 2.3 https://sourceware.org/bugzilla/attachment.cgi?id=15887
ssvc Track https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv2 2.6 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv3 3.1 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv3.1 3.1 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv4 2.3 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
ssvc Track https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv2 2.6 https://vuldb.com/?ctiid.295056
cvssv3 3.1 https://vuldb.com/?ctiid.295056
cvssv3.1 3.1 https://vuldb.com/?ctiid.295056
cvssv4 2.3 https://vuldb.com/?ctiid.295056
ssvc Track https://vuldb.com/?ctiid.295056
cvssv2 2.6 https://vuldb.com/?id.295056
cvssv3 3.1 https://vuldb.com/?id.295056
cvssv3.1 3.1 https://vuldb.com/?id.295056
cvssv4 2.3 https://vuldb.com/?id.295056
ssvc Track https://vuldb.com/?id.295056
cvssv2 2.6 https://www.gnu.org/
cvssv3 3.1 https://www.gnu.org/
cvssv3.1 3.1 https://www.gnu.org/
cvssv4 2.3 https://www.gnu.org/
ssvc Track https://www.gnu.org/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1152.json
https://api.first.org/data/v1/epss?cve=CVE-2025-1152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1152
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2344723 https://bugzilla.redhat.com/show_bug.cgi?id=2344723
attachment.cgi?id=15887 https://sourceware.org/bugzilla/attachment.cgi?id=15887
?ctiid.295056 https://vuldb.com/?ctiid.295056
?id.295056 https://vuldb.com/?id.295056
show_bug.cgi?id=32576 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
www.gnu.org https://www.gnu.org/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1152.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T18:11:21Z/ Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T18:11:21Z/ Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://vuldb.com/?ctiid.295056
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?ctiid.295056
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?ctiid.295056
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?ctiid.295056
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T18:11:21Z/ Found at https://vuldb.com/?ctiid.295056
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://vuldb.com/?id.295056
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?id.295056
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?id.295056
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?id.295056
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T18:11:21Z/ Found at https://vuldb.com/?id.295056
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://www.gnu.org/
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://www.gnu.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://www.gnu.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://www.gnu.org/
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T18:11:21Z/ Found at https://www.gnu.org/
Exploit Prediction Scoring System (EPSS)
Percentile 0.14947
EPSS Score 0.00048
Published At April 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:42:50.369715+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1152.json 38.0.0