CVE-2025-9403
Vulnerability
jq: assertion failure in run_jq_tests() of the file jq_test.c
ecosystem: redhat:8, redhat:9, redhat:10
A vulnerability has been identified in the jq JSON processor where malformed JSON input containing invalid Unicode escape sequences can trigger an assertion failure in the test suite’s parsing consistency checks. This flaw arises from inconsistencies between expected and reparsed JSON values during serialization and deserialization, potentially allowing an attacker to exploit the issue by supplying specially crafted JSON data to cause abnormal termination or denial of service during test execution, highlighting weaknesses in jq’s parsing reliability.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-9403
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2390651
- secalert@redhat.com: https://drive.google.com/file/d/1r8m9PhU_rk-QPj6OMcs415FcvWPD-zJY/view?usp=sharing
- secalert@redhat.com: https://github.com/jqlang/jq/issues/3393
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-9403
- secalert@redhat.com: https://vuldb.com/?ctiid.321239
- secalert@redhat.com: https://vuldb.com/?id.321239
- secalert@redhat.com: https://vuldb.com/?submit.633170
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-9403
type: vendor
source: secalert@redhat.com
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Metric | Value
---|---
AV | Local
AC | Low
PR | None
UI | Required
S | Not Changed
C | None
I | None
A | Low
Reachable Assertion
published: 2025-08-25 02:02:07
modified: 2025-08-26 07:30:29
Detection
OR
jq
package type: source
tag: rhel-10:431d6dc1-c8b2-f412-2d39-f649104b14bc
OR
jq
package type: source
tag: rhel-8-including-unpatched:71a3c4c9-47a5-8bbf-0ab5-6a6ecfc3a961
OR
jq
package type: source
tag: rhel-9-including-unpatched:71a3c971-eaa5-8bbf-0ab5-6a6ed1b3239e
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex