High severity8.8NVD Advisory· Published Dec 3, 2025· Updated Apr 15, 2026
CVE-2025-12744
CVE-2025-12744
Description
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24- osv-coords22 versionspkg:rpm/almalinux/abrtpkg:rpm/almalinux/abrt-addon-ccpppkg:rpm/almalinux/abrt-addon-coredump-helperpkg:rpm/almalinux/abrt-addon-kerneloopspkg:rpm/almalinux/abrt-addon-pstoreoopspkg:rpm/almalinux/abrt-addon-vmcorepkg:rpm/almalinux/abrt-addon-xorgpkg:rpm/almalinux/abrt-clipkg:rpm/almalinux/abrt-cli-ngpkg:rpm/almalinux/abrt-console-notificationpkg:rpm/almalinux/abrt-dbuspkg:rpm/almalinux/abrt-desktoppkg:rpm/almalinux/abrt-guipkg:rpm/almalinux/abrt-gui-libspkg:rpm/almalinux/abrt-libspkg:rpm/almalinux/abrt-plugin-machine-idpkg:rpm/almalinux/abrt-plugin-sosreportpkg:rpm/almalinux/abrt-tuipkg:rpm/almalinux/python3-abrtpkg:rpm/almalinux/python3-abrt-addonpkg:rpm/almalinux/python3-abrt-container-addonpkg:rpm/almalinux/python3-abrt-doc
< 2.10.9-25.el8_10.alma.1+ 21 more
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
- (no CPE)range: < 2.10.9-25.el8_10.alma.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.