EulerOS 2.0 SP11 : systemd (EulerOS-SA-2025-2248)

🗓️ 11 Oct 2025 00:00:00Reported by TenableType

EulerOS 2.0 SP11 systemd race condition lets read sensitive data from a coredump.

Reporter	Title	Published	Views	Family All 167
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to SQLite3 (CVE-2025-6965), pam_namespace (CVE-2025-6020), systemd-coredump (CVE-2025-4598) and Perl (CVE-2025-40909) packages shipped with IBM CICS TX Advanced.	9 Sep 202517:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	27 Feb 202615:56	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2025-4598	19 Nov 202514:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	5 Feb 202612:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.	26 May 202606:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues	27 Feb 202615:52	–	ibm
ATTACKERKB	CVE-2025-4598	30 May 202514:15	–	attackerkb
Tenable Nessus	AlmaLinux 9 : systemd (ALSA-2025:22660)	4 Dec 202500:00	–	nessus
Tenable Nessus	Debian dla-4259 : libnss-myhostname - security update	30 Jul 202500:00	–	nessus
Tenable Nessus	Debian dsa-5931 : libnss-myhostname - security update	29 May 202500:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(270011);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/11");

  script_cve_id("CVE-2025-4598");

  script_name(english:"EulerOS 2.0 SP11 : systemd (EulerOS-SA-2025-2248)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

    A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to
    crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing
    the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.

    A SUID binary or process has a special type of permission, which allows the process to run with the file
    owner's permissions, regardless of the user executing the binary. This allows the process to access more
    restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw
    by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-
    coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to
    the original's SUID process coredump file. They can read sensitive content loaded into memory by the
    original binary, affecting data confidentiality.(CVE-2025-4598)

Tenable has extracted the preceding description block directly from the EulerOS systemd security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2025-2248
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?020afb53");
  script_set_attribute(attribute:"solution", value:
"Update the affected systemd packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-4598");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-networkd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-nspawn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-pam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-resolved");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-timesyncd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-udev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-udev-compat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(11)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "systemd-249-16.h82.eulerosv2r11",
  "systemd-container-249-16.h82.eulerosv2r11",
  "systemd-libs-249-16.h82.eulerosv2r11",
  "systemd-networkd-249-16.h82.eulerosv2r11",
  "systemd-nspawn-249-16.h82.eulerosv2r11",
  "systemd-pam-249-16.h82.eulerosv2r11",
  "systemd-resolved-249-16.h82.eulerosv2r11",
  "systemd-timesyncd-249-16.h82.eulerosv2r11",
  "systemd-udev-249-16.h82.eulerosv2r11",
  "systemd-udev-compat-249-16.h82.eulerosv2r11"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"11", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
}

11 Oct 2025 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.14.7

EPSS0.00641

SSVC