AZL-66678

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66678.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-66678

Upstream

CVE-2025-9403

Published

2025-08-25T03:15:37Z

Modified

2026-04-21T04:37:56.986989Z

Summary

CVE-2025-9403 affecting package jq for versions less than 1.6-5

Details

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9403

Affected packages

Azure Linux:2 / jq

Package

Name: jq
Purl: pkg:rpm/azure-linux/jq

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66678.json"