QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-4598

Back to search

CVE-2025-4598

Published: May 30, 2025

Modified: Jun 2, 2026

PUBLISHED

CVSS v3.1

4.7

MEDIUM

Description

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

VendorProductVersions

Unknown

systemd-coredump

affected
0 - < 252.37
affected
253.0 - < 253.32
affected
254.0 - < 254.25
affected
255.0 - < 255.19
affected
256.0 - < 256.14

+1 more versions

Red Hat

Red Hat Enterprise Linux 10

unaffected
0:257-23.el10 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:252-55.el9_7.7 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:252-55.el9_7.7 - < *

Red Hat

Red Hat Ceph Storage 7

unaffected
7 - < *

Red Hat

Red Hat Ceph Storage 8

unaffected
8 - < *

Red Hat

Red Hat Ceph Storage 8

unaffected
1769512383 - < *

Red Hat

Red Hat Discovery 2

unaffected
1767888970 - < *

Red Hat

Red Hat Discovery 2

unaffected
1767904573 - < *

Red Hat

Red Hat Insights proxy 1.5

unaffected
1.5.9-1765201856 - < *

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 7

All versions

Red Hat

Red Hat Enterprise Linux 7

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Weaknesses (CWE)

CWE-364

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

RHSA-2025:22660
vendor-advisory
x_refsource_REDHAT
RHSA-2025:22868
vendor-advisory
x_refsource_REDHAT
RHSA-2025:23227
vendor-advisory
x_refsource_REDHAT
RHSA-2025:23234
vendor-advisory
x_refsource_REDHAT
RHSA-2026:0414
vendor-advisory
x_refsource_REDHAT
RHSA-2026:1652
vendor-advisory
x_refsource_REDHAT
RHSA-2026:18153
vendor-advisory
x_refsource_REDHAT
RHBZ#2369242
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now