CVEFinder.io

CVE-2025-12744

⚠️ high
Summary

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

CVSS Score
8.8
High
EPSS Score
0.0
Exploit Probability
Published Date
2025-12-03
First Seen: 2026-01-05
Last Modified 2025-12-04
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-78

🔗 References 2

https://access.redhat.com/security/cve/CVE-2025-12744
https://bugzilla.redhat.com/show_bug.cgi?id=2412467

📦 Affected Products 1

Vendor Product Status Affected Versions
red_hat red_hat_enterprise_linux_6 Affected All versions

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 🔶 medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 🔶 medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-66287 ⚠️ high 8.8 0.1 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper me... 2025-12-04
CVE-2025-13502 ⚠️ high 7.5 0.1 A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, lea... 2025-11-25
CVE-2025-13193 🔶 medium 5.5 0.0 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, ma... 2025-11-17
CVE-2025-12748 🔶 medium 5.5 0.1 A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files w... 2025-11-11
These CVEs affect the same products