4.7

CVE-2025-4598

Exploit

EPSS 0.05%
Published 30.05.2025 13:13:26
Last modified 27.08.2025 17:16:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.

A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Systemd Project ≫ Systemd Version < 252.37

Systemd Project ≫ Systemd Version >= 253 < 253.32

Systemd Project ≫ Systemd Version >= 254 < 254.25

Systemd Project ≫ Systemd Version >= 255 < 255.19

Systemd Project ≫ Systemd Version >= 256 < 256.14

Systemd Project ≫ Systemd Version >= 257 < 257.6

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Oracle ≫ Linux Version8 Update-

Oracle ≫ Linux Version9 Update-

Linux ≫ Linux Kernel Version < 6.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.168

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-364 Signal Handler Race Condition

The product uses a signal handler that introduces a race condition.

https://access.redhat.com/security/cve/CVE-2025-4598

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2369242

Issue Tracking

https://www.openwall.com/lists/oss-security/2025/05/29/3

Mailing List

http://www.openwall.com/lists/oss-security/2025/06/05/1

Mailing List

http://www.openwall.com/lists/oss-security/2025/06/05/3

Mailing List

https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598

Third Party Advisory

Exploit

https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/

Third Party Advisory

Exploit

https://www.openwall.com/lists/oss-security/2025/08/18/3

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-4598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4598

EUVD