CVE-2025-29481

{"id": "CVE-2025-29481", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2025-04-07T20:15:20.720", "references": [{"url": "https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that \"no one in their sane mind should be passing untrusted ELF files into libbpf while running under root.\""}, {"lang": "es", "value": "La vulnerabilidad de desbordamiento de b\u00fafer en libbpf 1.5.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n bpf_object__init_prog` de libbpf."}], "lastModified": "2026-02-25T08:16:18.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libbpf_project:libbpf:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52AFBD8E-3CAC-483B-8DB8-CAC1C20E36EB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}