Linux Distros Unpatched Vulnerability : CVE-2025-4598

🗓️ 11 Aug 2025 00:00:00Reported by TenableType

Linux unpatched CVE-2025-4598: systemd-coredump race allows read memory and core dumps.

Reporter	Title	Published	Views	Family All 164
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to SQLite3 (CVE-2025-6965), pam_namespace (CVE-2025-6020), systemd-coredump (CVE-2025-4598) and Perl (CVE-2025-40909) packages shipped with IBM CICS TX Advanced.	9 Sep 202517:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	27 Feb 202615:56	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2025-4598	19 Nov 202514:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	5 Feb 202612:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.	26 May 202606:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues	27 Feb 202615:52	–	ibm
ATTACKERKB	CVE-2025-4598	30 May 202514:15	–	attackerkb
Tenable Nessus	AlmaLinux 9 : systemd (ALSA-2025:22660)	4 Dec 202500:00	–	nessus
Tenable Nessus	Debian dla-4259 : libnss-myhostname - security update	30 Jul 202500:00	–	nessus
Tenable Nessus	Debian dsa-5931 : libnss-myhostname - security update	29 May 202500:00	–	nessus

Source	Link
access	www.access.redhat.com/security/cve/cve-2025-4598
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(247900);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/03");

  script_cve_id("CVE-2025-4598");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-4598");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to
    crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing
    the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID
    binary or process has a special type of permission, which allows the process to run with the file owner's
    permissions, regardless of the user executing the binary. This allows the process to access more
    restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw
    by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-
    coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to
    the original's SUID process coredump file. They can read sensitive content loaded into memory by the
    original binary, affecting data confidentiality. (CVE-2025-4598)

  - The systemd-coredump is prone to a kill-and-replace race condition which may allow a local attacker to
    gain sensitive information from crashed SUID processes. Additionally systemd-coredump does not specify %d
    (the kernel's per-process dumpable flag) in /proc/sys/kernel/core_pattern allowing a local attacker to
    crash root daemons that fork() and setuid() to the attacker's uid and consequently gain read access to the
    resulting core dumps and therefore to sensitive information from memory of the root daemons.
    (CVE-2025-4598)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2025-4598");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-4598");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libgudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libgudev1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-journal-gateway");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-journal-remote");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-networkd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-pam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-resolved");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-sysv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-udev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-gateway");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-networkd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-pam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-resolved");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-sysv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-udev");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/CentOS Linux-7", "Host/OS/CentOS Linux-8", "Host/OS/Red Hat Enterprise Linux-7", "Host/OS/Red Hat Enterprise Linux-8");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "CentOS Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "libgudev1"},
          {"reference": "libgudev1-devel"},
          {"reference": "systemd"},
          {"reference": "systemd-devel"},
          {"reference": "systemd-journal-gateway"},
          {"reference": "systemd-libs"},
          {"reference": "systemd-networkd"},
          {"reference": "systemd-python"},
          {"reference": "systemd-resolved"},
          {"reference": "systemd-sysv"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "libgudev1"},
          {"reference": "libgudev1-devel"},
          {"reference": "systemd"},
          {"reference": "systemd-devel"},
          {"reference": "systemd-journal-gateway"},
          {"reference": "systemd-libs"},
          {"reference": "systemd-networkd"},
          {"reference": "systemd-python"},
          {"reference": "systemd-resolved"},
          {"reference": "systemd-sysv"}
        ]
      }
    ]
  },
  "CentOS Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "systemd"},
          {"reference": "systemd-container"},
          {"reference": "systemd-devel"},
          {"reference": "systemd-journal-remote"},
          {"reference": "systemd-libs"},
          {"reference": "systemd-pam"},
          {"reference": "systemd-tests"},
          {"reference": "systemd-udev"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "systemd"},
          {"reference": "systemd-container"},
          {"reference": "systemd-devel"},
          {"reference": "systemd-journal-remote"},
          {"reference": "systemd-libs"},
          {"reference": "systemd-pam"},
          {"reference": "systemd-tests"},
          {"reference": "systemd-udev"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

03 Jun 2026 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.14.7

EPSS0.00112

SSVC