Security Advisory

CVE-2025-4802

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-16 19:32:50

Last updated 2026-02-26 18:28:07

Assigner glibc

State PUBLISHED

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

← Browse all CVEs View on cve.org ↗