Medium severity6.1NVD Advisory· Published Dec 5, 2025· Updated Apr 19, 2026
CVE-2025-14104
CVE-2025-14104
Description
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- access.redhat.com/errata/RHSA-2026:1696nvd
- access.redhat.com/errata/RHSA-2026:1852nvd
- access.redhat.com/errata/RHSA-2026:1913nvd
- access.redhat.com/errata/RHSA-2026:2485nvd
- access.redhat.com/errata/RHSA-2026:2563nvd
- access.redhat.com/errata/RHSA-2026:2737nvd
- access.redhat.com/errata/RHSA-2026:2800nvd
- access.redhat.com/errata/RHSA-2026:3406nvd
- access.redhat.com/errata/RHSA-2026:4943nvd
- access.redhat.com/errata/RHSA-2026:7180nvd
- access.redhat.com/security/cve/CVE-2025-14104nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.