VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-g64s-zybh-bbdx

Essentials
Severities (28)
References (22)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-g64s-zybh-bbdx
Aliases	CVE-2025-4802
Summary	Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Status	Published
Exploitability	0.5
Weighted Severity	6.3
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-426

Untrusted Search Path

System	Score	Found at
cvssv3	7.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4802.json
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-4802
cvssv3.1	8.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.8	https://sourceware.org/bugzilla/show_bug.cgi?id=32976
ssvc	Track	https://sourceware.org/bugzilla/show_bug.cgi?id=32976
cvssv3.1	7.8	https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
ssvc	Track	https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4802.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-4802
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		http://www.openwall.com/lists/oss-security/2025/05/16/7
		http://www.openwall.com/lists/oss-security/2025/05/17/2
2367468		https://bugzilla.redhat.com/show_bug.cgi?id=2367468
cpe:2.3:a:gnu:glibc::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc::::::::
CVE-2025-4802		https://nvd.nist.gov/vuln/detail/CVE-2025-4802
?id=1e18586c5820e329f741d5c710275e165581380e		https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
RHSA-2025:10219		https://access.redhat.com/errata/RHSA-2025:10219
RHSA-2025:10220		https://access.redhat.com/errata/RHSA-2025:10220
RHSA-2025:10294		https://access.redhat.com/errata/RHSA-2025:10294
RHSA-2025:11487		https://access.redhat.com/errata/RHSA-2025:11487
RHSA-2025:8655		https://access.redhat.com/errata/RHSA-2025:8655
RHSA-2025:8686		https://access.redhat.com/errata/RHSA-2025:8686
RHSA-2025:9028		https://access.redhat.com/errata/RHSA-2025:9028
RHSA-2025:9336		https://access.redhat.com/errata/RHSA-2025:9336
RHSA-2025:9725		https://access.redhat.com/errata/RHSA-2025:9725
RHSA-2025:9750		https://access.redhat.com/errata/RHSA-2025:9750
show_bug.cgi?id=32976		https://sourceware.org/bugzilla/show_bug.cgi?id=32976
USN-7541-1		https://usn.ubuntu.com/7541-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4802.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32976

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T13:47:23Z/ Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32976

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T13:47:23Z/ Found at https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

Exploit Prediction Scoring System (EPSS)

Percentile	0.00896
EPSS Score	0.00011
Published At	Sept. 16, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:54:34.651486+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/7541-1/	37.0.0