CVE-2025-29481
6.2
MEDIUM
CVSS 3.1
EPSS 0.12%
Description
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the `bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
How to fix CVE-2025-29481
To remediate CVE-2025-29481, upgrade the affected package to a fixed version listed below.
- Bitnami/bpftool—upgrade to 7.4.0 or later
- —no fix listed
Is CVE-2025-29481 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 1.5.0, < 7.4.0
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |