DEBIAN-CVE-2025-9301

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-9301
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-9301.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-9301
Upstream
Published
2025-08-21T14:15:44.137Z
Modified
2025-12-14T10:13:27.439943Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Patch name: 37e27f71bc356d880c908040cd0cb68fa2c371b8. It is suggested to install a patch to address this issue.

References

Affected packages

Debian:11 / cmake

Package

Name
cmake
Purl
pkg:deb/debian/cmake?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.18.4-2
3.18.4-2+deb11u1~bpo10+1
3.18.4-2+deb11u1
3.21.2-1
3.21.3-1
3.21.3-2
3.21.3-3
3.21.3-4~bpo11+1
3.21.3-4
3.21.3-5~bpo11+1
3.21.3-5
3.21.4-1~bpo11+1
3.21.4-1
3.22.0-1~bpo11+1
3.22.0-1
3.22.1-1~bpo11+1
3.22.1-1
3.23.0-1~bpo11+1
3.23.0-1
3.23.1-1~bpo11+1
3.23.1-1
3.23.1-2~bpo11+1
3.23.1-2
3.23.2-1~bpo11+1
3.23.2-1
3.23.3-1~bpo11+1
3.23.3-1
3.24.0-1~bpo11+1
3.24.0-1
3.24.1-1~bpo11+1
3.24.1-1
3.24.2-1~bpo11+1
3.24.2-1
3.24.2-2
3.24.3-1~bpo11+1
3.24.3-1
3.25.0-1
3.25.0-2
3.25.0-3~bpo11+1
3.25.0-3
3.25.1-1~bpo11+1
3.25.1-1
3.26.4-1
3.26.4-2
3.26.4-3
3.26.4-4~bpo12+1
3.26.4-4
3.27.0~rc4-1
3.27.0~rc4-2
3.27.0~rc4-3
3.27.0~rc5-1
3.27.0-1
3.27.0-2
3.27.1-1
3.27.1-2
3.27.2-1~bpo12+1
3.27.2-1
3.27.3-1
3.27.4-1~bpo12+1
3.27.4-1
3.27.5-1~bpo12+1
3.27.5-1
3.27.6-1~bpo12+1
3.27.6-1
3.27.7-1~bpo12+1
3.27.7-1
3.27.8-1~bpo12+1
3.27.8-1
3.27.9-1~bpo12+1
3.27.9-1
3.28.0-1
3.28.1-1~bpo12+1
3.28.1-1
3.28.2-1
3.28.3-1~bpo12+1
3.28.3-1
3.29.2-1
3.29.2-2~bpo12+1
3.29.2-2
3.29.3-1~bpo12+1
3.29.3-1
3.29.4-1~bpo12+1
3.29.4-1
3.29.5-1~bpo12+1
3.29.5-1
3.29.6-1~bpo12+1
3.29.6-1
3.30.0-1
3.30.1-1
3.30.2-1
3.30.2-2~bpo12+1
3.30.2-2
3.30.3-1~bpo12+1
3.30.3-1
3.30.4-1~bpo12+1
3.30.4-1
3.30.5-1~bpo12+1
3.30.5-1
3.30.5-1.1
3.31.0-1
3.31.0-2
3.31.1-1
3.31.2-1
3.31.3-1
3.31.4-2~bpo12+1
3.31.4-2
3.31.5-1~bpo12+1
3.31.5-1
3.31.5-2~bpo12+1
3.31.5-2
3.31.6-1~bpo12+1
3.31.6-1
3.31.6-2~bpo12+1
3.31.6-2

4.*

4.0.0-1
4.0.1-1
4.0.2-1
4.0.3-1
4.1.0-1
4.1.1-1
4.1.1-2
4.1.1+really3.31.6-1
4.1.1+really3.31.6-2
4.1.1+really4.1.1-1
4.1.2-1
4.2.0-1
4.2.0-2
4.2.1-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-9301.json"

Debian:12 / cmake

Package

Name
cmake
Purl
pkg:deb/debian/cmake?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.25.1-1
3.26.4-1
3.26.4-2
3.26.4-3
3.26.4-4~bpo12+1
3.26.4-4
3.27.0~rc4-1
3.27.0~rc4-2
3.27.0~rc4-3
3.27.0~rc5-1
3.27.0-1
3.27.0-2
3.27.1-1
3.27.1-2
3.27.2-1~bpo12+1
3.27.2-1
3.27.3-1
3.27.4-1~bpo12+1
3.27.4-1
3.27.5-1~bpo12+1
3.27.5-1
3.27.6-1~bpo12+1
3.27.6-1
3.27.7-1~bpo12+1
3.27.7-1
3.27.8-1~bpo12+1
3.27.8-1
3.27.9-1~bpo12+1
3.27.9-1
3.28.0-1
3.28.1-1~bpo12+1
3.28.1-1
3.28.2-1
3.28.3-1~bpo12+1
3.28.3-1
3.29.2-1
3.29.2-2~bpo12+1
3.29.2-2
3.29.3-1~bpo12+1
3.29.3-1
3.29.4-1~bpo12+1
3.29.4-1
3.29.5-1~bpo12+1
3.29.5-1
3.29.6-1~bpo12+1
3.29.6-1
3.30.0-1
3.30.1-1
3.30.2-1
3.30.2-2~bpo12+1
3.30.2-2
3.30.3-1~bpo12+1
3.30.3-1
3.30.4-1~bpo12+1
3.30.4-1
3.30.5-1~bpo12+1
3.30.5-1
3.30.5-1.1
3.31.0-1
3.31.0-2
3.31.1-1
3.31.2-1
3.31.3-1
3.31.4-2~bpo12+1
3.31.4-2
3.31.5-1~bpo12+1
3.31.5-1
3.31.5-2~bpo12+1
3.31.5-2
3.31.6-1~bpo12+1
3.31.6-1
3.31.6-2~bpo12+1
3.31.6-2

4.*

4.0.0-1
4.0.1-1
4.0.2-1
4.0.3-1
4.1.0-1
4.1.1-1
4.1.1-2
4.1.1+really3.31.6-1
4.1.1+really3.31.6-2
4.1.1+really4.1.1-1
4.1.2-1
4.2.0-1
4.2.0-2
4.2.1-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-9301.json"

Debian:13 / cmake

Package

Name
cmake
Purl
pkg:deb/debian/cmake?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.31.6-2

4.*

4.0.0-1
4.0.1-1
4.0.2-1
4.0.3-1
4.1.0-1
4.1.1-1
4.1.1-2
4.1.1+really3.31.6-1
4.1.1+really3.31.6-2
4.1.1+really4.1.1-1
4.1.2-1
4.2.0-1
4.2.0-2
4.2.1-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-9301.json"

Debian:14 / cmake

Package

Name
cmake
Purl
pkg:deb/debian/cmake?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.31.6-2

4.*

4.0.0-1
4.0.1-1
4.0.2-1
4.0.3-1
4.1.0-1
4.1.1-1
4.1.1-2
4.1.1+really3.31.6-1
4.1.1+really3.31.6-2
4.1.1+really4.1.1-1
4.1.2-1
4.2.0-1
4.2.0-2
4.2.1-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-9301.json"