CVE-2025-7545

MEDIUM

GNU Binutils <2.45 - Heap-based Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-7545. PoCs published by alxsourin.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2025-7545, demonstrating a heap-buffer-overflow in Binutils' objcopy when processing firmware files. The setup script configures a vulnerable environment and includes tools to trigger the vulnerability via crafted firmware inputs.

Description

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Exploits (1)

nomisec WORKING POC

by alxsourin · poc

https://github.com/alxsourin/Firmware-CVE-2025-7545

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2025-7545, demonstrating a heap-buffer-overflow in Binutils' objcopy when processing firmware files. The setup script configures a vulnerable environment and includes tools to trigger the vulnerability via crafted firmware inputs.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Binutils (objcopy) version 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944^1

No auth needed

Prerequisites: Vulnerable Binutils version · Ability to execute objcopy with crafted firmware files

MITRE ATT&CK