High severity7.8NVD Advisory· Published Jul 4, 2025· Updated Apr 15, 2026

CVE-2025-49809

Description

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.

Patches

5226f105f087

https://github.com/traviscross/mtrvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/Homebrew/homebrew-core/issues/35085nvd
github.com/traviscross/mtr/blob/master/SECURITYnvd
github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000