Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 through 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Vulnerable-Commit: 10e93d968716ab82931d593bada121c17c0a4b93 (2.27) Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)
The issue was found on the very latest registry.access.redhat.com/ubi9/openjdk-21-runtime:1.22-1.1747241886 image, which is based on registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal:latest. The flagged package is glibc 2.34-168.el9_6.14, which falls inside the 2.27–2.38 range named in the CVE description; the upstream fix landed in 2.39, and the scanner reports no fixed version (fixDate 0), so whether this RHEL 9 build carries a backport cannot be determined from this report alone. Exploitation requires a statically linked setuid binary in the image that calls dlopen (directly, or via setlocale/NSS), so practical exposure should be judged against what the image actually ships. Scanner finding: { "text": "", "id": 46, "severity": "high", "cvss": 8.4, "status": "affected", "cve": "CVE-2025-4802", "cause": "", "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "title": "", "vecStr": "", "exploit": "", "riskFactors": { "Attack complexity: low": true, "DoS - High": true, "High severity": true, "Recent vulnerability": true }, "link": "https://access.redhat.com/security/cve/CVE-2025-4802", "type": "image", "packageType": "os", "layerTime": 1747241654, "templates": null, "twistlock": false, "cri": false, "published": 1747426522, "fixDate": 0, "applicableRules": [ "*" ], "discovered": "2025-05-21T12:35:36Z", "functionLayer": "", "wildfireMalware": {}, "secret": {}, "severityCHML": "H", "packageName": "glibc", "packageVersion": "2.34-168.el9_6.14", "packageBinaryPkgs": [ "glibc-common", "glibc-minimal-langpack", "glibc" ], "packagePath": "", "packageLicense": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" }