Low severity3.3NVD Advisory· Published Apr 4, 2025· Updated May 12, 2026

CVE-2025-3198

Description

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Affected products

GNU/Binutilsv5
Range: 2.43

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.comnvdExploitThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry
www.gnu.orgnvdProduct
cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd

News mentions

No linked articles in our index yet.

Severity

LowCVSS v3.1

3.3/ 10

CVSS v44.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Local
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

Probability of exploitation in the next 30 days.

0.03%

VYPR risk score

Composite of severity, exploitation, and reach.

0.21low

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime
CWE-404
Improper Resource Shutdown or Release

CVE ID

CVE-2025-3198

Source code

Credits

HT
Haoxin Tu (VulDB User)
reporter