AZL-66557

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66557.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-66557

Upstream

CVE-2025-9301

Published

2025-08-21T14:15:44Z

Modified

2026-04-21T04:37:54.576396Z

Summary

CVE-2025-9301 affecting package cmake for versions less than 3.30.3-9

Details

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Patch name: 37e27f71bc356d880c908040cd0cb68fa2c371b8. It is suggested to install a patch to address this issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9301

Affected packages

Azure Linux:3 / cmake

Package

Name: cmake
Purl: pkg:rpm/azure-linux/cmake

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.30.3-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66557.json"