CVE-2025-4802

HIGH

GNU C Library <2.39 - Code Injection

Title source: llm

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Exploits (1)

nomisec WORKING POC 1 stars

by Betim-Hodza · poc

https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept

View Code ZIP pw:eip

References (5)

[Issue Tracking] https://sourceware.org/bugzilla/show_bug.cgi?id=32976

[Patch] https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

[Mailing List] http://www.openwall.com/lists/oss-security/2025/05/16/7

[Exploit, Mailing List] http://www.openwall.com/lists/oss-security/2025/05/17/2

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-426

Status published

Products (1)

gnu/glibc 2.27 - 2.38

Published May 16, 2025

Tracked Since Feb 18, 2026