CVE-2025-7545
Description
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-based buffer overflow in GNU Binutils 2.45's objcopy allows local attackers to cause a crash or potentially execute arbitrary code via a crafted object file.
Vulnerability
A heap-based buffer overflow vulnerability exists in GNU Binutils version 2.45, specifically in the copy_section function of binutils/objcopy.c. The issue arises from insufficient bounds checking when copying section data, leading to memory corruption on the heap.
Exploitation
Exploitation requires local access to the system. An attacker must provide a specially crafted object file that triggers the overflow when processed by objcopy. No special privileges are needed beyond local user access, making it a moderately low-barrier attack vector.
Impact
Successful exploitation could result in a denial-of-service condition (crash) or potentially arbitrary code execution in the context of the user running objcopy. The severity is rated Medium (CVSS 5.3) due to the local attack requirement.
Mitigation
The vendor has released a patch identified by commit 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. Users are advised to apply this patch promptly. Siemens has acknowledged the vulnerability in their product lines, including SIMATIC S7-1500 TM MFP and S7-1500 CPU families [1][2], and recommends updating affected GNU/Linux subsystems.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (9)
- vuldb.com [nvd] Third Party Advisory, VDB Entry
- vuldb.com [nvd] Third Party Advisory, VDB Entry
- sourceware.org/bugzilla/attachment.cgi [nvd] Broken Link
- sourceware.org/bugzilla/show_bug.cgi [nvd] Issue Tracking
- sourceware.org/bugzilla/show_bug.cgi [nvd] Issue Tracking
- vuldb.com [nvd] Permissions Required, VDB Entry
- www.gnu.org [nvd] Product
- cert-portal.siemens.com/productcert/html/ssa-082556.html [nvd]
- cert-portal.siemens.com/productcert/html/ssa-265688.html [nvd]