Linux Distros Unpatched Vulnerability : CVE-2025-2173

🗓️ 27 Aug 2025 00:00:00Reported by TenableType

Unpatched libzvbi up to 0.2.43 has remote uninitialized pointer vulnerability; upgrade to 0.2.44.

Reporter	Title	Published	Views	Family All 56
AstraLinux	Astra Linux - уязвимость в zvbi	3 May 202623:59	–	astralinux
Circl	CVE-2025-2173	11 Mar 202507:39	–	circl
CNNVD	libzvbi 安全漏洞	11 Mar 202500:00	–	cnnvd
CVE	CVE-2025-2173	11 Mar 202506:31	–	cve
Cvelist	CVE-2025-2173 libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer	11 Mar 202506:31	–	cvelist
Debian	[SECURITY] [DLA 4449-1] zvbi security update	24 Jan 202618:37	–	debian
Debian CVE	CVE-2025-2173	11 Mar 202506:31	–	debiancve
Tenable Nessus	Debian dla-4449 : libzvbi-common - security update	24 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : zvbi (SUSE-SU-2025:0979-1)	22 Mar 202500:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : zvbi (SUSE-SU-2025:0988-1)	25 Mar 202500:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2025-2173
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(255876);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/16");

  script_cve_id("CVE-2025-2173");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-2173");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the
    function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads
    to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to
    the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is
    identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected
    component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly
    professional. (CVE-2025-2173)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-2173");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-2173");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-2173");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-2173");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zvbi");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "zvbi"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

16 May 2026 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3 - 7.5

CVSS 25

CVSS 46.9

CVSS 35.3

EPSS0.00277

SSVC