CVE-2025-15504 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2025-15504?

CVE-2025-15504 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-15504?

Check the references section above for vendor advisories and patch information. Affected products include: Lief-Project Lief.

Vulnerability Description

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Lief-Project	Lief	< 0.17.2

Related Weaknesses (CWE)

CWE-404 CWE-476

References

https://github.com/lief-project/LIEF/
https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d15480Patch
https://github.com/lief-project/LIEF/issues/1277ExploitIssue TrackingPatch
https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001ExploitIssue TrackingPatch
https://github.com/lief-project/LIEF/releases/tag/0.17.2Release Notes
https://github.com/oneafter/1210/blob/main/segv1Product
https://vuldb.com/?ctiid.340375Permissions RequiredVDB Entry
https://vuldb.com/?id.340375Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.733329ExploitThird Party AdvisoryVDB Entry
https://github.com/lief-project/LIEF/issues/1277ExploitIssue TrackingPatch
https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001ExploitIssue TrackingPatch
https://vuldb.com/?submit.733329ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2025-15504?

CVE-2025-15504 is a vulnerability with a CVSS score of 3.3 (LOW). A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. Th...

How severe is CVE-2025-15504?

CVE-2025-15504 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-15504?

Check the references section above for vendor advisories and patch information. Affected products include: Lief-Project Lief.