CVE Catalog

CVE-2025-14104

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A flaw was found in util-linux that allows a heap buffer overread when processing 256-byte usernames in the `setpwnam()` function. This affects SUID login-utils utilities that write to the password database.

Risk Assessment

An attacker could exploit this vulnerability to read sensitive data from memory or cause unexpected system behavior, potentially leading to privilege escalation or information disclosure.

Recommendation

Immediately update the util-linux package to a patched version. If an update is not possible, restrict access to SUID login-utils utilities for unprivileged users.

Original NVD description (English source)

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS