CVE-2025-5278

ADVISORY - nist

Summary

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

EPSS Score⁠: 0.00015 (0.020)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-121⁠

Stack-based Buffer Overflow

ADVISORY - redhat

CWE-121⁠

Stack-based Buffer Overflow

Impacted images

Advisories

NIST

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-5278⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-121⁠

CVSS SCORE

4.4medium

Debian

CREATED

2 months ago

UPDATED

13 days ago

ADVISORY IDCVE-2025-5278⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

2 months ago

UPDATED

19 days ago

ADVISORY IDCVE-2025-5278⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-5278⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-121⁠

CVSS SCORE

4.4medium

Photon

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CVE-2025-5278

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.4medium