Description

An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

INFO

Published Date: 2025-05-16T19:32:50.586Z

Last Modified: 2026-02-26T18:28:07.077Z

Source: glibc

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-4802 vulnerability.

Vendors Products
Gnu
  • Glibc
Redhat
  • Discovery
  • Enterprise Linux
  • Openshift
  • Rhel Aus
  • Rhel Els
  • Rhel Eus

CVSS Vulnerability Scoring System

Vector metrics charted: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.