2412467 – (CVE-2025-12744) CVE-2025-12744 abrt: Command-injection in ABRT leading to local privilege escalation

Bug 2412467 (CVE-2025-12744) - CVE-2025-12744 abrt: Command-injection in ABRT leading to local privilege escalation

Summary: CVE-2025-12744 abrt: Command-injection in ABRT leading to local privilege esc...

Keywords:
Status:	NEW
Alias:	CVE-2025-12744
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2418567 2418568 2418569
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-05 12:07 UTC by OSIDB Bzimport
Modified:	2025-12-03 07:55 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-05 12:07:29 UTC

Command-injection vulnerability in ABRT’s container data handling. The flaw is caused by ABRT extracting a 12-byte substring from user-controlled mount information and embedding it verbatim into a shell command constructed with g_strdup_printf("docker inspect %s", container_id). Because the input is not sanitized and is passed to a shell invocation, a crafted mountinfo value can inject shell metacharacters and arbitrary commands. This can be exploited locally by any user with access to ABRT’s UNIX socket to escalate to root and escape systemd sandboxing, enabling full system compromise.

Note You need to log in before you can comment on or make changes to this bug.