Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-5899
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-09 Jun, 2025 | 22:00
Updated At-10 Jun, 2025 | 15:29
Rejected At-
▼CVE Numbering Authority (CNA)
GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
GNUGNU
Product
PSPP
Versions
Affected
  • 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb
Problem Types
TypeCWE IDDescription
CWECWE-590Free of Memory not on the Heap
Type: CWE
CWE ID: CWE-590
Description: Free of Memory not on the Heap
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.05.3MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.04.3N/A
AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 2.0
Base score: 4.3
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Advisory disclosed2025-06-09 00:00:00
VulDB entry created2025-06-09 02:00:00
VulDB entry last update2025-06-09 09:24:04
Event: Advisory disclosed
Date: 2025-06-09 00:00:00
Event: VulDB entry created
Date: 2025-06-09 02:00:00
Event: VulDB entry last update
Date: 2025-06-09 09:24:04
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.311671
vdb-entry
technical-description
https://vuldb.com/?ctiid.311671
signature
permissions-required
https://vuldb.com/?submit.586106
third-party-advisory
https://savannah.gnu.org/bugs/index.php?67072
related
https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing
exploit
https://www.gnu.org/
product
Hyperlink: https://vuldb.com/?id.311671
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.311671
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.586106
Resource:
third-party-advisory
Hyperlink: https://savannah.gnu.org/bugs/index.php?67072
Resource:
related
Hyperlink: https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing
Resource:
exploit
Hyperlink: https://www.gnu.org/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://savannah.gnu.org/bugs/index.php?67072
exploit
Hyperlink: https://savannah.gnu.org/bugs/index.php?67072
Resource:
exploit
Details not found