CVE-2025-11495

LOW 3.3

GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

CWE	CWE-122 CWE-119
Vendor	gnu
Product	binutils
Published	Oct 8, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for gnu binutils

Be the first to know when new low vulnerabilities affecting gnu binutils are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

GNU / Binutils

2.45

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.327620 vuldb.com: https://vuldb.com/?ctiid.327620 vuldb.com: https://vuldb.com/?submit.668290 sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=33502 sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 sourceware.org: https://sourceware.org/bugzilla/attachment.cgi?id=16393 sourceware.org: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 gnu.org: https://www.gnu.org/

Credits

🔍 Yifan Zhang (VulDB User)