Azure Linux 3.0 Security Update: elfutils (CVE-2025-1372)

🗓️ 22 Jan 2026 00:00:00Reported by TenableType

Azure Linux 3.0 elfutils readelf local buffer overflow; patch the vulnerability.

Reporter	Title	Published	Views	Family All 79
Tenable Nessus	Amazon Linux 2023 : elfutils, elfutils-default-yama-scope, elfutils-devel (ALAS2023-2025-969)	13 May 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : elfutils (EulerOS-SA-2025-1411)	6 May 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : elfutils (EulerOS-SA-2025-1412)	6 May 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : elfutils (EulerOS-SA-2025-1611)	11 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : elfutils (EulerOS-SA-2025-1628)	11 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : elfutils (EulerOS-SA-2025-1649)	12 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : elfutils (EulerOS-SA-2025-1650)	12 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : elfutils (EulerOS-SA-2025-1770)	10 Jul 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : elfutils (EulerOS-SA-2025-1793)	10 Jul 202500:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : elfutils (EulerOS-SA-2026-1111)	31 Jan 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-1372
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(295235);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/03");

  script_cve_id("CVE-2025-1372");

  script_name(english:"Azure Linux 3.0 Security Update: elfutils (CVE-2025-1372)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of elfutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2025-1372 advisory.

  - A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this
    vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the
    component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be
    approached locally. The exploit has been disclosed to the public and May be used. The identifier of the
    patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.
    (CVE-2025-1372)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2025-1372");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-1372");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-default-yama-scope");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-libelf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-libelf-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-libelf-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:elfutils-libelf-lang");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Azure Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);

if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);

var pkgs = [
    {'reference':'elfutils-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-debuginfo-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-debuginfo-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-default-yama-scope-0.189-4.azl3', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-default-yama-scope-0.189-4.azl3', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-devel-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-devel-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-devel-static-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-devel-static-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-devel-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-devel-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-devel-static-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-devel-static-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-lang-0.189-4.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'elfutils-libelf-lang-0.189-4.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'elfutils / elfutils-debuginfo / elfutils-default-yama-scope / etc');
}

03 Feb 2026 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3 - 7.8

CVSS 24.3

CVSS 44.8

CVSS 35.3

EPSS0.00043

SSVC