Linux Distros Unpatched Vulnerability : CVE-2025-2174

🗓️ 27 Aug 2025 00:00:00Reported by TenableType

CVE-2025-2174 libzvbi 0.2.43 remote overflow in vbi_strndup_iconv_ucs2; upgrade to 0.2.44 ca167213

Reporter	Title	Published	Views	Family All 52
AstraLinux	Astra Linux - уязвимость в zvbi	3 May 202623:59	–	astralinux
Circl	CVE-2025-2174	11 Mar 202507:39	–	circl
CNNVD	libzvbi 输入验证错误漏洞	11 Mar 202500:00	–	cnnvd
CVE	CVE-2025-2174	11 Mar 202506:31	–	cve
Cvelist	CVE-2025-2174 libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow	11 Mar 202506:31	–	cvelist
Debian	[SECURITY] [DLA 4449-1] zvbi security update	24 Jan 202618:37	–	debian
Debian CVE	CVE-2025-2174	11 Mar 202506:31	–	debiancve
Tenable Nessus	Debian dla-4449 : libzvbi-common - security update	24 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : zvbi (SUSE-SU-2025:0979-1)	22 Mar 202500:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : zvbi (SUSE-SU-2025:0988-1)	25 Mar 202500:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2025-2174
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(256328);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/16");

  script_cve_id("CVE-2025-2174");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-2174");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this
    vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the
    argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been
    disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The
    patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected
    component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly
    professional. (CVE-2025-2174)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-2174");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-2174");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zvbi");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "zvbi"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

16 May 2026 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3 - 7.5

CVSS 25

CVSS 46.9

CVSS 35.3

EPSS0.00178

SSVC