INFSA-2025:22760: abrt security update

Information about definition

Identificator: INFSA-2025:22760

Type: security

Release date: 2025-12-16 15:24:40 UTC

Information about package

The Automatic Bug Reporting Tool (ABRT) recognizes defects in applications and creates bug reports that help maintainers fix the defects. ABRT uses a plug-in system to extend its functionality.

Vulnerabilities description

  • CVE-2025-12744

    A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Severity level

CVE Score CVSS 2.0 Score CVSS 3.x Score CVSS 4.0
no information 8.8 no information
Critical, important, moderate, low

Updated packages

loader icon Preparing to download...
Architecture: Download