CVE-2025-9301

Опубликовано: 21 авг. 2025

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Patch name: 37e27f71bc356d880c908040cd0cb68fa2c371b8. It is suggested to install a patch to address this issue.

A reachable assertion flaw has been discovered in the Cmake build system. A local attacker who can construct crafted input could reach this assertion and cause a program crash.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	cmake	Fix deferred
Red Hat Enterprise Linux 6	cmake	Out of support scope
Red Hat Enterprise Linux 7	cmake	Out of support scope
Red Hat Enterprise Linux 8	cmake	Fix deferred
Red Hat Enterprise Linux 9	cmake	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-617

https://bugzilla.redhat.com/show_bug.cgi?id=2390085cmake: cmake reachable assertion

EPSS

Процентиль: 4%

0.00019

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2025-9301

CVSS3: 3.3

ubuntu

2 месяца назад

CVE-2025-9301

CVSS3: 3.3

nvd

2 месяца назад

CVE-2025-9301

CVSS3: 3.3

msrc

2 месяца назад

cmake cmForEachCommand.cxx ReplayItems assertion

CVE-2025-9301

CVSS3: 3.3

debian

2 месяца назад

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This af ...

SUSE-SU-2025:3812-1

suse-cvrf

6 дней назад

Security update for cmake

EPSS

Процентиль: 4%

0.00019

Низкий

3.3 Low

CVSS3