
Description

A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.
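As an added illustration, not ABRT's own source (which this record does not quote): the weak pattern the description names, a truncated untrusted id formatted into a shell command line, beside a hardened version that allow-lists the id and runs docker with an argv and no shell. The 12-character limit comes from the description; the hex allow-list, the function names and the sample id are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define ID_LEN 12  /* the advisory: up to 12 characters of the input are copied */

/* Weak pattern (illustrative): the truncated id is formatted into a command
 * line destined for popen()/system(), so the shell, running as root, will
 * interpret any metacharacter the id carries. */
int build_shell_cmd_unsafe(char *out, size_t outsz, const char *id)
{
    char short_id[ID_LEN + 1];
    snprintf(short_id, sizeof short_id, "%.*s", ID_LEN, id);
    return snprintf(out, outsz, "docker inspect %s", short_id);
}

/* Detection aid: does a built command line still carry shell metacharacters? */
int has_shell_metachars(const char *cmd)
{
    return strpbrk(cmd, ";|&$`<>()\n'\"\\*?") != NULL;
}

/* Hardening step 1: allow-list.  A Docker container id is hexadecimal
 * (assumption used here); anything else is rejected before use. */
int is_valid_container_id(const char *id)
{
    size_t n = strlen(id);
    if (n == 0 || n > 64) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)id[i])) return 0;
    return 1;
}

/* Hardening step 2: no shell.  The id becomes one argv element for execvp(),
 * so it is never parsed as shell syntax.  Returns 0, or -1 if rejected. */
int build_inspect_argv(const char *id, const char *argv[4])
{
    if (!is_valid_container_id(id)) return -1;
    argv[0] = "docker"; argv[1] = "inspect"; argv[2] = id; argv[3] = NULL;
    return 0;
}

/* Runs the argv directly (no /bin/sh); returns the exit status or -1. */
int run_without_shell(const char *argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], (char *const *)argv); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Calling build_inspect_argv() with a constructed id such as "4f1c2b9a0d3e" and handing the result to run_without_shell() replaces the popen()-style path; a rejected id never reaches a process at all.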

Status: PUBLISHED | Reserved 2025-11-05 | Published 2025-12-03 | Updated 2025-12-03 | Assigner: fedora

Severity: HIGH 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

Any version before 2.17.7
affected

Default status
unknown

Default status
unaffected

Default status
affected

Timeline

2025-11-05: Reported to Red Hat.
2025-12-03: Made public.

Credits

Red Hat would like to thank Chris Moberly for reporting this issue.

References

access.redhat.com/security/cve/CVE-2025-12744 (vdb-entry)

bugzilla.redhat.com/show_bug.cgi?id=2412467 (RHBZ#2412467, issue-tracking)

cve.org (CVE-2025-12744)

nvd.nist.gov (CVE-2025-12744)