Vulnerability Description
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sleuthkit | The Sleuth Kit | < 4.15.0 |
Related Weaknesses (CWE)
References
- https://github.com/sleuthkit/sleuthkit/commit/8b9c9e7d493bd68624f3b1a3963edd45c3Patch
- https://github.com/sleuthkit/sleuthkit/pull/3444Issue Tracking
- https://mobasi.ai/sentinelThird Party Advisory
- https://www.vulncheck.com/advisories/sleuth-kit-apfs-keybag-parser-out-of-boundsThird Party Advisory
FAQ
What is CVE-2026-40025?
CVE-2026-40025 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bou...
How severe is CVE-2026-40025?
CVE-2026-40025 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40025?
Check the references section above for vendor advisories and patch information. Affected products include: Sleuthkit The Sleuth Kit.