UBUNTU-CVE-2025-9301

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-9301

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9301.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-9301

Upstream

CVE-2025-9301

Published

2025-08-21T14:15:00Z

Modified

2026-01-20T19:17:05.717557Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - negligible

Summary

[none]

Details

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Patch name: 37e27f71bc356d880c908040cd0cb68fa2c371b8. It is suggested to install a patch to address this issue.

References

Affected packages

Ubuntu:16.04:LTS

cmake

Package

Name: cmake
Purl: pkg:deb/ubuntu/cmake@3.5.1-1ubuntu3?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.2-2ubuntu3

3.2.2-2ubuntu4

3.3.2-1ubuntu1

3.3.2is3.2.2-0ubuntu1

3.3.2is3.2.2-0ubuntu2

3.3.2is3.2.2-0ubuntu4

3.3.2is3.2.2-0ubuntu5

3.5.0-1ubuntu1

3.5.0-1ubuntu2

3.5.0-1ubuntu3

3.5.1-1ubuntu1

3.5.1-1ubuntu2

3.5.1-1ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cmake",
            "binary_version": "3.5.1-1ubuntu3"
        },
        {
            "binary_name": "cmake-curses-gui",
            "binary_version": "3.5.1-1ubuntu3"
        },
        {
            "binary_name": "cmake-data",
            "binary_version": "3.5.1-1ubuntu3"
        },
        {
            "binary_name": "cmake-qt-gui",
            "binary_version": "3.5.1-1ubuntu3"
        }
    ],
    "priority_reason": "This is just a DoS in cmake via an assert"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9301.json"

Ubuntu:18.04:LTS

cmake

Package

Name: cmake
Purl: pkg:deb/ubuntu/cmake@3.10.2-1ubuntu2.18.04.2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.9.1-1

3.9.3-1

3.9.5-1

3.10.2-1

3.10.2-1build1

3.10.2-1ubuntu1

3.10.2-1ubuntu2

3.10.2-1ubuntu2.18.04.1

3.10.2-1ubuntu2.18.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cmake",
            "binary_version": "3.10.2-1ubuntu2.18.04.2"
        },
        {
            "binary_name": "cmake-curses-gui",
            "binary_version": "3.10.2-1ubuntu2.18.04.2"
        },
        {
            "binary_name": "cmake-data",
            "binary_version": "3.10.2-1ubuntu2.18.04.2"
        },
        {
            "binary_name": "cmake-qt-gui",
            "binary_version": "3.10.2-1ubuntu2.18.04.2"
        }
    ],
    "priority_reason": "This is just a DoS in cmake via an assert"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9301.json"

Ubuntu:20.04:LTS

cmake

Package

Name: cmake
Purl: pkg:deb/ubuntu/cmake@3.16.3-1ubuntu1.20.04.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.13.4-1build1

3.15.4-1

3.15.4-1ubuntu2

3.15.4-1ubuntu3

3.16.3-1ubuntu1

3.16.3-1ubuntu1.20.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cmake",
            "binary_version": "3.16.3-1ubuntu1.20.04.1"
        },
        {
            "binary_name": "cmake-curses-gui",
            "binary_version": "3.16.3-1ubuntu1.20.04.1"
        },
        {
            "binary_name": "cmake-data",
            "binary_version": "3.16.3-1ubuntu1.20.04.1"
        },
        {
            "binary_name": "cmake-qt-gui",
            "binary_version": "3.16.3-1ubuntu1.20.04.1"
        }
    ],
    "priority_reason": "This is just a DoS in cmake via an assert"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9301.json"

Ubuntu:22.04:LTS

cmake

Package

Name: cmake
Purl: pkg:deb/ubuntu/cmake@3.22.1-1ubuntu1.22.04.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.18.4-2ubuntu2

3.21.4-1ubuntu2

3.22.1-1ubuntu1

3.22.1-1ubuntu1.22.04.1

3.22.1-1ubuntu1.22.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cmake",
            "binary_version": "3.22.1-1ubuntu1.22.04.2"
        },
        {
            "binary_name": "cmake-curses-gui",
            "binary_version": "3.22.1-1ubuntu1.22.04.2"
        },
        {
            "binary_name": "cmake-data",
            "binary_version": "3.22.1-1ubuntu1.22.04.2"
        },
        {
            "binary_name": "cmake-qt-gui",
            "binary_version": "3.22.1-1ubuntu1.22.04.2"
        }
    ],
    "priority_reason": "This is just a DoS in cmake via an assert"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9301.json"

Ubuntu:24.04:LTS

cmake

Package

Name: cmake
Purl: pkg:deb/ubuntu/cmake@3.28.3-1build7?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.27.4-1

3.27.7-1

3.27.8-1

3.27.8-1build1

3.28.1-1

3.28.3-1

3.28.3-1build5

3.28.3-1build6

3.28.3-1build7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cmake",
            "binary_version": "3.28.3-1build7"
        },
        {
            "binary_name": "cmake-curses-gui",
            "binary_version": "3.28.3-1build7"
        },
        {
            "binary_name": "cmake-data",
            "binary_version": "3.28.3-1build7"
        },
        {
            "binary_name": "cmake-qt-gui",
            "binary_version": "3.28.3-1build7"
        }
    ],
    "priority_reason": "This is just a DoS in cmake via an assert"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9301.json"

Ubuntu:25.10

cmake

Package

Name: cmake
Purl: pkg:deb/ubuntu/cmake@3.31.6-2ubuntu6?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.31.6-1ubuntu1

3.31.6-2ubuntu1

3.31.6-2ubuntu3

3.31.6-2ubuntu4

3.31.6-2ubuntu5

3.31.6-2ubuntu6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cmake",
            "binary_version": "3.31.6-2ubuntu6"
        },
        {
            "binary_name": "cmake-curses-gui",
            "binary_version": "3.31.6-2ubuntu6"
        },
        {
            "binary_name": "cmake-data",
            "binary_version": "3.31.6-2ubuntu6"
        },
        {
            "binary_name": "cmake-qt-gui",
            "binary_version": "3.31.6-2ubuntu6"
        }
    ],
    "priority_reason": "This is just a DoS in cmake via an assert"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9301.json"