CVE-2025-4802

🗓️ 16 May 2025 19:32:50Reported by glibcType

Vulnerability in GNU C Library allows attacker controlled loading of libraries in setuid binaries.

Reporter	Title	Published	Views	Family All 184
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway potentially vulnerable to library path manipulation	22 Dec 202514:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	8 Nov 202516:02	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to untrusted library loading due to the GNU C library (CVE-2025-4802)	4 Sep 202522:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3, pam and glibc packages shipped with IBM CICS TX Standard.	12 Aug 202511:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	3 Jul 202510:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System	30 Jan 202617:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	23 Jul 202517:22	–	ibm
Tenable Nessus	Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2025-1001)	12 Jun 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0138: glibc (ALINUX3-SA-2025:0138)	19 Aug 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : glibc (ALSA-2025:8655)	12 Jun 202500:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "glibc",
    "vendor": "The GNU C Library",
    "versions": [
      {
        "lessThan": "2.39",
        "status": "affected",
        "version": "2.27",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
sourceware	www.sourceware.org/cgit/glibc/commit/
sourceware	www.sourceware.org/bugzilla/show_bug.cgi

16 May 2025 19:32Current

EPSS0.00043

CWE-426