Description

A vulnerability was found in cmake 4.1.20250725-gb5cce23. It affects the function cmForEachFunctionBlocker::ReplayItems in the file cmForEachCommand.cxx. Manipulation leads to a reachable assertion. The attack must be launched locally. The exploit has been publicly disclosed and may be used. Patch name: 37e27f71bc356d880c908040cd0cb68fa2c371b8. Applying the patch is recommended to address this issue.

PUBLISHED Reserved 2025-08-21 | Published 2025-08-21 | Updated 2025-08-21 | Assigner VulDB




MEDIUM: 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P)
LOW: 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
LOW: 3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
1.7 (AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C)

Problem types

Reachable Assertion

Timeline

2025-08-21: Advisory disclosed
2025-08-21: VulDB entry created
2025-08-21: VulDB entry last update

Credits

xdcao (VulDB User) reporter

References

vuldb.com/?id.320906 (VDB-320906 | cmake cmForEachCommand.cxx ReplayItems assertion) vdb-entry technical-description

vuldb.com/?ctiid.320906 (VDB-320906 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.632369 (Submit #632369 | cmake 4.1.20250725-gb5cce23 and other recent versions of the 4.x series. assertion failure) third-party-advisory

gitlab.kitware.com/cmake/cmake/-/issues/27135 issue-tracking

drive.google.com/...lzJTwIBCBmE94zn7n-gOz4f/view?usp=sharing exploit

gitlab.kitware.com/...e27f71bc356d880c908040cd0cb68fa2c371b8 patch

cve.org (CVE-2025-9301)

nvd.nist.gov (CVE-2025-9301)