AZL-64292 CVE-2025-4598 affecting package systemd for versions less than 250.3-23

🗓️ 30 May 2025 14:15:23Reported by GoogleType

osv

osv🔗 osv.dev👁 2 Views

Systemd coredump flaw lets forcing a SUID process to crash and reveal the coredump with /etc/shadow.

Reporter	Title	Published	Views	Family All 164
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to SQLite3 (CVE-2025-6965), pam_namespace (CVE-2025-6020), systemd-coredump (CVE-2025-4598) and Perl (CVE-2025-40909) packages shipped with IBM CICS TX Advanced.	9 Sep 202517:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	27 Feb 202615:56	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2025-4598	19 Nov 202514:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	5 Feb 202612:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.	26 May 202606:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues	27 Feb 202615:52	–	ibm
ATTACKERKB	CVE-2025-4598	30 May 202514:15	–	attackerkb
Tenable Nessus	AlmaLinux 9 : systemd (ALSA-2025:22660)	4 Dec 202500:00	–	nessus
Tenable Nessus	Debian dla-4259 : libnss-myhostname - security update	30 Jul 202500:00	–	nessus
Tenable Nessus	Debian dsa-5931 : libnss-myhostname - security update	29 May 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-4598

21 Apr 2026 04:32Current

7High risk

Vulners AI Score7

CVSS 3.14.7

EPSS0.00112

systemd coredump suid process race condition coredump data sensitive data shadow file