Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-vcgu-7pzk-2udx
Vulnerability ID VCID-vcgu-7pzk-2udx
Aliases CVE-2025-1148
Summary binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak
Status Published
Exploitability 0.5
Weighted Severity 2.8
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-772 Missing Release of Resource after Effective Lifetime
CWE-401 Missing Release of Memory after Effective Lifetime
CWE-404 Improper Resource Shutdown or Release
System Score Found at
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1148.json
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-1148
cvssv3.1 0 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 2.6 https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv3 3.1 https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv3.1 3.1 https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv4 2.3 https://sourceware.org/bugzilla/attachment.cgi?id=15887
ssvc Track https://sourceware.org/bugzilla/attachment.cgi?id=15887
cvssv2 2.6 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv3 3.1 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv3.1 3.1 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv4 2.3 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
ssvc Track https://sourceware.org/bugzilla/show_bug.cgi?id=32576
cvssv2 2.6 https://vuldb.com/?ctiid.295052
cvssv3 3.1 https://vuldb.com/?ctiid.295052
cvssv3.1 3.1 https://vuldb.com/?ctiid.295052
cvssv4 2.3 https://vuldb.com/?ctiid.295052
ssvc Track https://vuldb.com/?ctiid.295052
cvssv2 2.6 https://vuldb.com/?id.295052
cvssv3 3.1 https://vuldb.com/?id.295052
cvssv3.1 3.1 https://vuldb.com/?id.295052
cvssv4 2.3 https://vuldb.com/?id.295052
ssvc Track https://vuldb.com/?id.295052
cvssv2 2.6 https://vuldb.com/?submit.485747
cvssv3 3.1 https://vuldb.com/?submit.485747
cvssv3.1 3.1 https://vuldb.com/?submit.485747
cvssv4 2.3 https://vuldb.com/?submit.485747
ssvc Track https://vuldb.com/?submit.485747
cvssv2 2.6 https://www.gnu.org/
cvssv3 3.1 https://www.gnu.org/
cvssv3.1 3.1 https://www.gnu.org/
cvssv4 2.3 https://www.gnu.org/
ssvc Track https://www.gnu.org/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1148.json
https://api.first.org/data/v1/epss?cve=CVE-2025-1148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1148
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2344652 https://bugzilla.redhat.com/show_bug.cgi?id=2344652
attachment.cgi?id=15887 https://sourceware.org/bugzilla/attachment.cgi?id=15887
?ctiid.295052 https://vuldb.com/?ctiid.295052
?id.295052 https://vuldb.com/?id.295052
show_bug.cgi?id=32576 https://sourceware.org/bugzilla/show_bug.cgi?id=32576
?submit.485747 https://vuldb.com/?submit.485747
USN-7847-1 https://usn.ubuntu.com/7847-1/
www.gnu.org https://www.gnu.org/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1148.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T14:32:01Z/ Found at https://sourceware.org/bugzilla/attachment.cgi?id=15887
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T14:32:01Z/ Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://vuldb.com/?ctiid.295052
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?ctiid.295052
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?ctiid.295052
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?ctiid.295052
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T14:32:01Z/ Found at https://vuldb.com/?ctiid.295052
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://vuldb.com/?id.295052
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?id.295052
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?id.295052
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?id.295052
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T14:32:01Z/ Found at https://vuldb.com/?id.295052
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://vuldb.com/?submit.485747
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?submit.485747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://vuldb.com/?submit.485747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?submit.485747
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T14:32:01Z/ Found at https://vuldb.com/?submit.485747
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://www.gnu.org/
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://www.gnu.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://www.gnu.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://www.gnu.org/
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T14:32:01Z/ Found at https://www.gnu.org/
Exploit Prediction Scoring System (EPSS)
Percentile 0.21985
EPSS Score 0.00072
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:42:50.532518+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1148.json 38.0.0