vulnerability

Alma Linux: CVE-2025-12744: Important: abrt security update (ALSA-2025-22760)

Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: Dec 4, 2025
Added: Dec 11, 2025
Modified: Mar 18, 2026

Description

A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Solutions

alma-upgrade-abrt
alma-upgrade-abrt-addon-ccpp
alma-upgrade-abrt-addon-coredump-helper
alma-upgrade-abrt-addon-kerneloops
alma-upgrade-abrt-addon-pstoreoops
alma-upgrade-abrt-addon-vmcore
alma-upgrade-abrt-addon-xorg
alma-upgrade-abrt-cli
alma-upgrade-abrt-cli-ng
alma-upgrade-abrt-console-notification
alma-upgrade-abrt-dbus
alma-upgrade-abrt-desktop
alma-upgrade-abrt-gui
alma-upgrade-abrt-gui-libs
alma-upgrade-abrt-libs
alma-upgrade-abrt-plugin-machine-id
alma-upgrade-abrt-plugin-sosreport
alma-upgrade-abrt-tui
alma-upgrade-python3-abrt
alma-upgrade-python3-abrt-addon
alma-upgrade-python3-abrt-container-addon
alma-upgrade-python3-abrt-doc