CVE-2025-12744

HIGH

Red Hat ABRT - Command Injection via Mount Information

Title source: llm

Description

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Exploits (1)

nomisec WORKING POC 6 stars
by initstring · poc
https://github.com/initstring/abrt_root

References (2)

Scores

CVSS v3 8.8
EPSS 0.0004
EPSS Percentile 11.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (3)
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Published Dec 03, 2025
Tracked Since Feb 18, 2026