CVE-2025-14104

MEDIUM EPSS 7.3%

Published Dec 5, 20256mo ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Dec 5, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

CVSS Details

Base Score

6.1

Exploitability

1.8

Impact

4.2

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

7.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

References 12

access.redhat.com https://access.redhat.com/errata/RHSA-2026:1696
access.redhat.com https://access.redhat.com/errata/RHSA-2026:1852
access.redhat.com https://access.redhat.com/errata/RHSA-2026:1913
access.redhat.com https://access.redhat.com/errata/RHSA-2026:2485
access.redhat.com https://access.redhat.com/errata/RHSA-2026:2563
access.redhat.com https://access.redhat.com/errata/RHSA-2026:2737
access.redhat.com https://access.redhat.com/errata/RHSA-2026:2800
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3406
access.redhat.com https://access.redhat.com/errata/RHSA-2026:4943
access.redhat.com https://access.redhat.com/errata/RHSA-2026:7180
access.redhat.com https://access.redhat.com/security/cve/CVE-2025-14104
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2419369

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.