CVE-2025-9301
BaseFortify
Publication date: 2025-08-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kitware | cmake | 4.1.20250725-gb5cce23 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in cmake version 4.1.20250725-gb5cce23, specifically in the function cmForEachFunctionBlocker::ReplayItems within the file cmForEachCommand.cxx. It causes a reachable assertion failure when exploited. The attack must be performed locally, and the exploit has been publicly disclosed. A patch is available to fix this issue.
How can this vulnerability impact me?
The vulnerability can cause a reachable assertion failure in the affected cmake function, which may lead to a denial of service or instability in the software. Since the attack requires local access, it could be used by a local attacker to disrupt normal operation of cmake or related processes.
What immediate steps should I take to mitigate this vulnerability?
It is suggested to install the patch identified by commit 37e27f71bc356d880c908040cd0cb68fa2c371b8 to address this issue.