AZL-72307 CVE-2025-14104 affecting package util-linux for versions less than 2.37.4-10

🗓️ 05 Dec 2025 17:16:03Reported by GoogleType

osv

osv🔗 osv.dev

Heap buffer overread in util-linux setpwnam affects SUID login utilities; older versions than 2.37.4-10 are affected.

Reporter	Title	Published	Views	Family All 146
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues	21 May 202615:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in util-linux affects IBM Netezza Appliance	15 Apr 202610:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	3 Mar 202615:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	11 May 202623:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	24 Mar 202606:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	14 Apr 202615:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.6.21 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026	28 May 202621:55	–	ibm
ATTACKERKB	CVE-2025-14104	5 Dec 202516:22	–	attackerkb
Tenable Nessus	Alibaba Cloud Linux 3 : 0032: util-linux (ALINUX3-SA-2026:0032)	13 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : util-linux (ALSA-2026:1696)	3 Feb 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-14104

21 Apr 2026 04:36Current

7High risk

Vulners AI Score7

CVSS 3.16.1

EPSS0.00009

SSVC

util linux heap overread setpwnam suid utilities password database vulnerability severity