VYPR
High severity8.8NVD Advisory· Published Dec 3, 2025· Updated Apr 15, 2026

CVE-2025-12744

CVE-2025-12744

Description

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

24

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.