Medium Published: Dec 05, 2025

CVE-2025-14104

6.1 CVSS SCORE

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Description

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

CVSS Vector Details

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability High

Weaknesses (CWE)

CWE-125

References & External Links

https://access.redhat.com/security/cve/CVE-2025-14104
https://bugzilla.redhat.com/show_bug.cgi?id=2419369

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker