CVE Alert

CVE-2025-4802

CVSS Score 7.8 (HIGH)
EPSS Score 0.0%
EPSS Percentile 0th

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

CWE CWE-426
Vendor the gnu c library
Product glibc
Published May 16, 2025
Last Updated Feb 26, 2026

Affected Versions

The GNU C Library / glibc
>= 2.27, < 2.39

References

sourceware.org: https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=32976
openwall.com: http://www.openwall.com/lists/oss-security/2025/05/16/7
openwall.com: http://www.openwall.com/lists/oss-security/2025/05/17/2
lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html