CVE-2025-12744 HIGH

CVE-2025-12744: Abrt: command-injection in abrt leading to local privilege escalation

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Weakness CWE-78

Published December 3, 2025

Last update December 3, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Key dates

02Disclosure timeline

December 3, 2025 CVE published

December 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12744

Related vulnerabilities

Identifiers

CVE CVE-2025-12744

CWE CWE-78

CVSS 8.8 / HIGH

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 8

Affected All versions

CVE-2025-12744: Abrt: command-injection in abrt leading to local privilege escalation

01Description

02Disclosure timeline

03References

04Related CVE