Vulnerability details: VCID-yswe-3wmd-h3hx
Vulnerability ID VCID-yswe-3wmd-h3hx
Aliases CVE-2025-4802
Summary Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Status Published
Exploitability 0.5
Weighted Severity 7.6
Risk 3.8
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4802.json
cvssv3 8.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4802.json
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss 6e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-4802
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-4802
cvssv3.1 8.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://sourceware.org/bugzilla/show_bug.cgi?id=32976
cvssv3.1 9.8 https://sourceware.org/bugzilla/show_bug.cgi?id=32976
ssvc Track https://sourceware.org/bugzilla/show_bug.cgi?id=32976
cvssv3.1 7.8 https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
cvssv3.1 9.8 https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
ssvc Track https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4802.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4802.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32976
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32976
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-17T02:32:04Z/ Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32976

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T13:47:23Z/ Found at https://sourceware.org/bugzilla/show_bug.cgi?id=32976
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T13:47:23Z/ Found at https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-17T02:32:04Z/ Found at https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
Exploit Prediction Scoring System (EPSS)
Percentile 0.0114
EPSS Score 0.00012
Published At May 21, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-05-18T13:26:12.143480+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 36.0.0