CVE-2025-29481

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-29481

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

B

uffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

References
Link Resource
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md Exploit Third Party Advisory
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:libbpf_project:libbpf:1.5.0:*:*:*:*:*:*:*
History

25 Feb 2026, 08:16

Type Values Removed Values Added
Summary (en) Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. (en) Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
References () https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md - Third Party Advisory, Exploit () https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md - Exploit, Third Party Advisory

15 Apr 2025, 15:42

Type Values Removed Values Added
References () https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md - () https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md - Third Party Advisory, Exploit
CPE cpe:2.3:a:libbpf_project:libbpf:1.5.0:*:*:*:*:*:*:*
First Time Libbpf Project
Libbpf Project libbpf

09 Apr 2025, 15:16

Type Values Removed Values Added
CWE CWE-120
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.2
References () https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md - () https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md -

08 Apr 2025, 18:13

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de desbordamiento de búfer en libbpf 1.5.0 permite a un atacante local ejecutar código arbitrario a través de la función bpf_object__init_prog` de libbpf.

07 Apr 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-07 20:15

Updated : 2026-02-25 08:16

NVD link : CVE-2025-29481

Mitre link : CVE-2025-29481

CVE.ORG link : CVE-2025-29481

JSON object : View

Products Affected

libbpf_project

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')