2390085 – (CVE-2025-9301) CVE-2025-9301 cmake: cmake reachable assertion

Bug 2390085 (CVE-2025-9301) - CVE-2025-9301 cmake: cmake reachable assertion

Summary: CVE-2025-9301 cmake: cmake reachable assertion

Keywords:
Status:	NEW
Alias:	CVE-2025-9301
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2390121 2390122
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-21 14:01 UTC by OSIDB Bzimport
Modified:	2025-08-21 17:21 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-21 14:01:30 UTC

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Patch name: 37e27f71bc356d880c908040cd0cb68fa2c371b8. It is suggested to install a patch to address this issue.

Note You need to log in before you can comment on or make changes to this bug.