Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-4598
PUBLISHED
More InfoOfficial Page
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
View Known Exploited Vulnerability (KEV) details
Published At-30 May, 2025 | 13:13
Updated At-02 Feb, 2026 | 09:32
Rejected At-
▼CVE Numbering Authority (CNA)
Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

Affected Products
Collection URL
https://github.com/systemd/systemd
Package Name
systemd-coredump
Default Status
unaffected
Versions
Affected
  • From 0 before 252.37 (semver)
  • From 253.0 before 253.32 (semver)
  • From 254.0 before 254.25 (semver)
  • From 255.0 before 255.19 (semver)
  • From 256.0 before 256.14 (semver)
  • From 257.0 before 257.6 (semver)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
systemd
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:252-55.el9_7.7 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
systemd
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:252-55.el9_7.7 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ceph Storage 7
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhceph/rhceph-7-rhel9
CPEs
  • cpe:/a:redhat:ceph_storage:7::el9
Default Status
affected
Versions
Unaffected
  • From sha256:cfaf2a3c9513bd280265b0e2ca5f7d60022a2e362027becfeb2c133179925523 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ceph Storage 8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhceph/rhceph-8-rhel9
CPEs
  • cpe:/a:redhat:ceph_storage:8::el9
Default Status
affected
Versions
Unaffected
  • From sha256:b09eb0a1d99e655de562919ded095bbb5dc65961e341a54ea59ad99b55ca9b1b before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ceph Storage 8
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhceph/rhceph-8-rhel9
CPEs
  • cpe:/a:redhat:ceph_storage:8::el9
Default Status
affected
Versions
Unaffected
  • From sha256:97a60239048123bc963d7c9ac2ad85caa6a254759e44c15f173ca12ea51e4719 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Discovery 2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
discovery/discovery-server-rhel9
CPEs
  • cpe:/a:redhat:discovery:2::el9
Default Status
affected
Versions
Unaffected
  • From sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Discovery 2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
discovery/discovery-ui-rhel9
CPEs
  • cpe:/a:redhat:discovery:2::el9
Default Status
affected
Versions
Unaffected
  • From sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Insights proxy 1.5
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
insights-proxy/insights-proxy-container-rhel9
CPEs
  • cpe:/a:redhat:insights_proxy:1.5::el9
Default Status
affected
Versions
Unaffected
  • From sha256:1d72e553fe5a7696e600dc8fd2fe9050ba1992fa190bea622134ca7bfce7bb0d before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
NetworkManager
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rpm-ostree
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
systemd
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
NetworkManager
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
systemd
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
systemd
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
NetworkManager
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
systemd
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-364Signal Handler Race Condition
Type: CWE
CWE ID: CWE-364
Description: Signal Handler Race Condition
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user: ~~~ echo 0 > /proc/sys/fs/suid_dumpable ~~~ While this mitigates this vulnerability while it's not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.

Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2025-05-29 19:04:54
Made public.2025-05-29 00:00:00
Event: Reported to Red Hat.
Date: 2025-05-29 19:04:54
Event: Made public.
Date: 2025-05-29 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2025:22660
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22868
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23227
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23234
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0414
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:1652
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4598
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2369242
issue-tracking
x_refsource_REDHAT
https://www.openwall.com/lists/oss-security/2025/05/29/3
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:22660
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:22868
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:23227
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:23234
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0414
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:1652
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-4598
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2369242
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://www.openwall.com/lists/oss-security/2025/05/29/3
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2025/06/05/1
N/A
http://www.openwall.com/lists/oss-security/2025/06/05/3
N/A
https://www.openwall.com/lists/oss-security/2025/08/18/3
N/A
https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598
N/A
https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/
N/A
https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html
N/A
http://seclists.org/fulldisclosure/2025/Jun/9
N/A
http://www.openwall.com/lists/oss-security/2025/08/18/3
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/05/1
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/05/3
Resource: N/A
Hyperlink: https://www.openwall.com/lists/oss-security/2025/08/18/3
Resource: N/A
Hyperlink: https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598
Resource: N/A
Hyperlink: https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jun/9
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/08/18/3
Resource: N/A
Details not found