CVE-2025-11494
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-08
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11494
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnu binutils 2.45
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Apply the patch identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a to the GNU Binutils 2.45 component to remediate the issue.

Executive Summary

This vulnerability exists in GNU Binutils 2.45 within the function _bfd_x86_elf_late_size_sections in the file bfd/elfxx-x86.c of the Linker component. It causes an out-of-bounds read due to improper manipulation. The vulnerability requires local access to exploit and the exploit code has been made public. Applying the provided patch can remediate the issue.

Impact Analysis

The vulnerability can lead to an out-of-bounds read which may cause a denial of service or other impacts related to reading invalid memory. Since it requires local access, an attacker must have some level of access to the system to exploit it. The impact is limited to availability as there is no confidentiality or integrity loss indicated.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11494. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart