vulnerability

Oracle Linux: CVE-2025-12744: ELSA-2025-22760: abrt security update (IMPORTANT)

Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: Dec 3, 2025
Added: Dec 8, 2025
Modified: Dec 8, 2025

Description

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.
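One way to close this class of bug, shown as an added example (it is not ABRT's code and not the fix shipped in ELSA-2025-22760): allowlist the identifier before use and run the command from an argument vector so no shell ever parses it. It assumes the value is meant to be a Docker short container ID made of hex digits and that the binary lives at /usr/bin/docker; the function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define ID_MAX 12                     /* the advisory says up to 12 characters are copied */
#define DOCKER_BIN "/usr/bin/docker"  /* assumed path; absolute so PATH is never searched */

/* Allowlist check: 1..ID_MAX hex digits and nothing else. Spaces, quotes,
 * shell metacharacters and overlong input are all rejected. */
int container_id_is_valid(const char *id)
{
    size_t i;
    if (id == NULL)
        return 0;
    for (i = 0; id[i] != '\0'; i++) {
        if (i >= ID_MAX || !isxdigit((unsigned char)id[i]))
            return 0;
    }
    return i > 0;
}

/* Build the argument vector for "docker inspect <id>".
 * Returns 0 on success, -1 if the identifier fails validation. */
int build_inspect_argv(const char *id, const char *argv[4])
{
    if (!container_id_is_valid(id))
        return -1;
    argv[0] = DOCKER_BIN;
    argv[1] = "inspect";
    argv[2] = id;      /* passed as one argument, never re-parsed by a shell */
    argv[3] = NULL;
    return 0;
}

/* Run the command with fork/execv instead of system() or popen().
 * Returns the child's exit status, or -1 on rejection or error. */
int run_inspect(const char *id)
{
    const char *argv[4];
    int status;
    pid_t pid;
    if (build_inspect_argv(id, argv) != 0)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execv(DOCKER_BIN, (char *const *)argv);
        _exit(127);    /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Either control alone would block the injection described above; using both means a later change that loosens the validation still cannot reach a shell.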

Solutions

oracle-linux-upgrade-abrt
oracle-linux-upgrade-abrt-addon-ccpp
oracle-linux-upgrade-abrt-addon-coredump-helper
oracle-linux-upgrade-abrt-addon-kerneloops
oracle-linux-upgrade-abrt-addon-pstoreoops
oracle-linux-upgrade-abrt-addon-vmcore
oracle-linux-upgrade-abrt-addon-xorg
oracle-linux-upgrade-abrt-cli
oracle-linux-upgrade-abrt-cli-ng
oracle-linux-upgrade-abrt-console-notification
oracle-linux-upgrade-abrt-dbus
oracle-linux-upgrade-abrt-desktop
oracle-linux-upgrade-abrt-gui
oracle-linux-upgrade-abrt-gui-libs
oracle-linux-upgrade-abrt-libs
oracle-linux-upgrade-abrt-plugin-machine-id
oracle-linux-upgrade-abrt-plugin-sosreport
oracle-linux-upgrade-abrt-tui
oracle-linux-upgrade-python3-abrt
oracle-linux-upgrade-python3-abrt-addon
oracle-linux-upgrade-python3-abrt-container-addon
oracle-linux-upgrade-python3-abrt-doc