CVE-2025-12744

Source
https://cve.org/CVERecord?id=CVE-2025-12744
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12744.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-12744
Downstream
Related
Published
2025-12-03T08:33:06.547Z
Modified
2026-07-08T08:11:56.111141483Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Abrt: command-injection in abrt leading to local privilege escalation
Details

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12744.json",
    "cna_assigner": "fedora",
    "cwe_ids": [
        "CWE-78"
    ]
}
References

Affected packages

Git / github.com/abrt/abrt

Affected ranges

Type
GIT
Repo
https://github.com/abrt/abrt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.17.7"
        }
    ]
}

Affected versions

0.*
0.0.2
0.0.3
0.0.4
0.0.6
0.0.7
0.0.7.1
0.0.8
0.0.8.5
0.0.9
1.*
1.0.3
1.0.8
1.0.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.8
1.1.9
2.*
2.0.0
2.0.1
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.3
2.0.4
2.0.4.980
2.0.4.981
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.10.0
2.10.1
2.10.10
2.10.2
2.10.3
2.10.5
2.10.6
2.10.7
2.10.8
2.10.9
2.11.0
2.11.1
2.12.0
2.12.1
2.12.2
2.13.0
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.14.5
2.14.6
2.15.0
2.15.1
2.16.0
2.16.1
2.17.0
2.17.1
2.17.2
2.17.4
2.17.5
2.2.0
2.2.1
2.2.2
2.3.0
2.4.0
2.5.0
2.5.1
2.6.0
2.6.1
2.6.2
2.6.3
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.8.2
2.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12744.json"