CVE-2025-14104
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A flaw was found in util-linux that allows a heap buffer overread when processing 256-byte usernames in the `setpwnam()` function. This affects SUID login-utils utilities that write to the password database.
Risk Assessment
An attacker could exploit this vulnerability to read sensitive data from memory or cause unexpected system behavior, potentially leading to privilege escalation or information disclosure.
Recommendation
Immediately update the util-linux package to a patched version. If an update is not possible, restrict access to SUID login-utils utilities for unprivileged users.
Original NVD description (English source)
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

