ГлавнаяУязвимости → CVE-2025-12744
8.8высокая

CVE-2025-12744

Описание

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://access.redhat.com/security/cve/CVE-2025-12744https://bugzilla.redhat.com/show_bug.cgi?id=2412467