We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-49809



Description

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.

Reserved 2025-06-11 | Published 2025-07-04 | Updated 2025-07-04 | Assigner mitre


HIGH: 7.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

Product status

Default status
unknown

Any version
affected

References

github.com/Homebrew/homebrew-core/issues/35085

github.com/traviscross/mtr/blob/master/SECURITY

github.com/...ommit/5226f105f087c29d3cfad9f28000e7536af91ac6

cve.org (CVE-2025-49809)

nvd.nist.gov (CVE-2025-49809)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-49809

Support options

Helpdesk Chat, Email, Knowledgebase