CVE-2025-9301

Vulnerability

CVE-2025-9301

cmake: cmake reachable assertion

ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10

A reachable assertion flaw has been discovered in the Cmake build system. A local attacker who can construct crafted input could reach this assertion and cause a program crash.

References
severityL
Low

type: vendor

source: secalert@redhat.com

CVSS3.1
3.3LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AVLocal
ACLow
PRLow
UINone
SNot Changed
CNone
INone
ALow

source: secalert@redhat.com

 CWE
CWE-617

Reachable Assertion

source: secalert@redhat.com

published: 2025-08-21 13:32:08

modified: 2025-08-21 17:24:27

Detection

redhat:10

OR

unfixedFix deferred

 

cmake

package type: source

type: version

tag: rhel-10:c88baa74-9b96-cc66-6f07-64dec71c6d20

redhat:6

OR

unfixedOut of support scope

 

cmake

package type: source

type: version

tag: rhel-6-els:31ea3a93-79eb-593b-a6eb-5b1fa30e94b5

redhat:7

OR

unfixedOut of support scope

 

cmake

package type: source

type: version

tag: rhel-7-extras-including-unpatched:4c415ce7-b7eb-593b-a6ee-dee625bedb6c

redhat:8

OR

unfixedFix deferred

 

cmake

package type: source

type: version

tag: rhel-8-including-unpatched:2e6d6d45-5deb-593b-a70d-c13bce9caf03

redhat:9

OR

unfixedFix deferred

 

cmake

package type: source

type: version

tag: rhel-9-including-unpatched:a652ce31-63eb-593b-a711-5c2598a57882

Data Sources

  • RedHat Enterprise Linux CSAF VEX

    redhat-vex

VulsFutureVuls|GitHub