{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-12744","title":"Title"},{"category":"description","text":"A flaw was found in the ABRT daemon's handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-12744","url":"https://www.suse.com/security/cve/CVE-2025-12744"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for RHSA-2025:22760","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-December/002274.html"}],"title":"SUSE CVE CVE-2025-12744","tracking":{"current_release_date":"2025-12-19T00:45:55Z","generator":{"date":"2025-12-06T00:24:15Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-12744","initial_release_date":"2025-12-06T00:24:15Z","revision_history":[{"date":"2025-12-06T00:24:15Z","number":"2","summary":"vulnerabilities added,references added,severity changed from  to important"},{"date":"2025-12-07T00:24:08Z","number":"3","summary":"references added"},{"date":"2025-12-17T00:46:12Z","number":"4","summary":"description changed"},{"date":"2025-12-19T00:45:55Z","number":"5","summary":"description changed"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Liberty Linux 8","product":{"name":"SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8","product_identification_helper":{"cpe":"cpe:/o:suse:sll:8"}}},{"category":"product_version","name":"abrt-2.10.9-25.el8_10","product":{"name":"abrt-2.10.9-25.el8_10","product_id":"abrt-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-addon-ccpp-2.10.9-25.el8_10","product":{"name":"abrt-addon-ccpp-2.10.9-25.el8_10","product_id":"abrt-addon-ccpp-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-addon-ccpp@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-addon-coredump-helper-2.10.9-25.el8_10","product":{"name":"abrt-addon-coredump-helper-2.10.9-25.el8_10","product_id":"abrt-addon-coredump-helper-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-addon-coredump-helper@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-addon-kerneloops-2.10.9-25.el8_10","product":{"name":"abrt-addon-kerneloops-2.10.9-25.el8_10","product_id":"abrt-addon-kerneloops-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-addon-kerneloops@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-addon-pstoreoops-2.10.9-25.el8_10","product":{"name":"abrt-addon-pstoreoops-2.10.9-25.el8_10","product_id":"abrt-addon-pstoreoops-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-addon-pstoreoops@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-addon-vmcore-2.10.9-25.el8_10","product":{"name":"abrt-addon-vmcore-2.10.9-25.el8_10","product_id":"abrt-addon-vmcore-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-addon-vmcore@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-addon-xorg-2.10.9-25.el8_10","product":{"name":"abrt-addon-xorg-2.10.9-25.el8_10","product_id":"abrt-addon-xorg-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-addon-xorg@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-cli-2.10.9-25.el8_10","product":{"name":"abrt-cli-2.10.9-25.el8_10","product_id":"abrt-cli-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-cli@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-cli-ng-2.10.9-25.el8_10","product":{"name":"abrt-cli-ng-2.10.9-25.el8_10","product_id":"abrt-cli-ng-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-cli-ng@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-console-notification-2.10.9-25.el8_10","product":{"name":"abrt-console-notification-2.10.9-25.el8_10","product_id":"abrt-console-notification-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-console-notification@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-dbus-2.10.9-25.el8_10","product":{"name":"abrt-dbus-2.10.9-25.el8_10","product_id":"abrt-dbus-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-dbus@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-desktop-2.10.9-25.el8_10","product":{"name":"abrt-desktop-2.10.9-25.el8_10","product_id":"abrt-desktop-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-desktop@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-gui-2.10.9-25.el8_10","product":{"name":"abrt-gui-2.10.9-25.el8_10","product_id":"abrt-gui-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-gui@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-gui-libs-2.10.9-25.el8_10","product":{"name":"abrt-gui-libs-2.10.9-25.el8_10","product_id":"abrt-gui-libs-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-gui-libs@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-libs-2.10.9-25.el8_10","product":{"name":"abrt-libs-2.10.9-25.el8_10","product_id":"abrt-libs-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-libs@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-plugin-machine-id-2.10.9-25.el8_10","product":{"name":"abrt-plugin-machine-id-2.10.9-25.el8_10","product_id":"abrt-plugin-machine-id-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-plugin-machine-id@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-plugin-sosreport-2.10.9-25.el8_10","product":{"name":"abrt-plugin-sosreport-2.10.9-25.el8_10","product_id":"abrt-plugin-sosreport-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-plugin-sosreport@2.10.9-25.el8_10"}}},{"category":"product_version","name":"abrt-tui-2.10.9-25.el8_10","product":{"name":"abrt-tui-2.10.9-25.el8_10","product_id":"abrt-tui-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/abrt-tui@2.10.9-25.el8_10"}}},{"category":"product_version","name":"python3-abrt-2.10.9-25.el8_10","product":{"name":"python3-abrt-2.10.9-25.el8_10","product_id":"python3-abrt-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/python3-abrt@2.10.9-25.el8_10"}}},{"category":"product_version","name":"python3-abrt-addon-2.10.9-25.el8_10","product":{"name":"python3-abrt-addon-2.10.9-25.el8_10","product_id":"python3-abrt-addon-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/python3-abrt-addon@2.10.9-25.el8_10"}}},{"category":"product_version","name":"python3-abrt-container-addon-2.10.9-25.el8_10","product":{"name":"python3-abrt-container-addon-2.10.9-25.el8_10","product_id":"python3-abrt-container-addon-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/python3-abrt-container-addon@2.10.9-25.el8_10"}}},{"category":"product_version","name":"python3-abrt-doc-2.10.9-25.el8_10","product":{"name":"python3-abrt-doc-2.10.9-25.el8_10","product_id":"python3-abrt-doc-2.10.9-25.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/python3-abrt-doc@2.10.9-25.el8_10"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"abrt-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-2.10.9-25.el8_10"},"product_reference":"abrt-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-addon-ccpp-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-addon-ccpp-2.10.9-25.el8_10"},"product_reference":"abrt-addon-ccpp-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-addon-coredump-helper-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-addon-coredump-helper-2.10.9-25.el8_10"},"product_reference":"abrt-addon-coredump-helper-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-addon-kerneloops-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-addon-kerneloops-2.10.9-25.el8_10"},"product_reference":"abrt-addon-kerneloops-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-addon-pstoreoops-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-addon-pstoreoops-2.10.9-25.el8_10"},"product_reference":"abrt-addon-pstoreoops-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-addon-vmcore-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-addon-vmcore-2.10.9-25.el8_10"},"product_reference":"abrt-addon-vmcore-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-addon-xorg-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-addon-xorg-2.10.9-25.el8_10"},"product_reference":"abrt-addon-xorg-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-cli-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-cli-2.10.9-25.el8_10"},"product_reference":"abrt-cli-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-cli-ng-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-cli-ng-2.10.9-25.el8_10"},"product_reference":"abrt-cli-ng-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-console-notification-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-console-notification-2.10.9-25.el8_10"},"product_reference":"abrt-console-notification-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-dbus-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-dbus-2.10.9-25.el8_10"},"product_reference":"abrt-dbus-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-desktop-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-desktop-2.10.9-25.el8_10"},"product_reference":"abrt-desktop-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-gui-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-gui-2.10.9-25.el8_10"},"product_reference":"abrt-gui-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-gui-libs-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-gui-libs-2.10.9-25.el8_10"},"product_reference":"abrt-gui-libs-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-libs-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-libs-2.10.9-25.el8_10"},"product_reference":"abrt-libs-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-plugin-machine-id-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-plugin-machine-id-2.10.9-25.el8_10"},"product_reference":"abrt-plugin-machine-id-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-plugin-sosreport-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-plugin-sosreport-2.10.9-25.el8_10"},"product_reference":"abrt-plugin-sosreport-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"abrt-tui-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:abrt-tui-2.10.9-25.el8_10"},"product_reference":"abrt-tui-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"python3-abrt-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:python3-abrt-2.10.9-25.el8_10"},"product_reference":"python3-abrt-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"python3-abrt-addon-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:python3-abrt-addon-2.10.9-25.el8_10"},"product_reference":"python3-abrt-addon-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"python3-abrt-container-addon-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:python3-abrt-container-addon-2.10.9-25.el8_10"},"product_reference":"python3-abrt-container-addon-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"python3-abrt-doc-2.10.9-25.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:python3-abrt-doc-2.10.9-25.el8_10"},"product_reference":"python3-abrt-doc-2.10.9-25.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"}]},"vulnerabilities":[{"cve":"CVE-2025-12744","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-12744"}],"notes":[{"category":"general","text":"A flaw was found in the ABRT daemon's handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.","title":"CVE description"}],"product_status":{"recommended":["SUSE Liberty Linux 8:abrt-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-ccpp-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-coredump-helper-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-kerneloops-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-pstoreoops-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-vmcore-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-xorg-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-cli-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-cli-ng-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-console-notification-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-dbus-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-desktop-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-gui-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-gui-libs-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-libs-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-plugin-machine-id-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-plugin-sosreport-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-tui-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-addon-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-container-addon-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-doc-2.10.9-25.el8_10"]},"references":[{"category":"external","summary":"CVE-2025-12744","url":"https://www.suse.com/security/cve/CVE-2025-12744"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for RHSA-2025:22760","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-December/002274.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 8:abrt-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-ccpp-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-coredump-helper-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-kerneloops-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-pstoreoops-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-vmcore-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-addon-xorg-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-cli-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-cli-ng-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-console-notification-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-dbus-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-desktop-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-gui-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-gui-libs-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-libs-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-plugin-machine-id-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-plugin-sosreport-2.10.9-25.el8_10","SUSE Liberty Linux 8:abrt-tui-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-addon-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-container-addon-2.10.9-25.el8_10","SUSE Liberty Linux 8:python3-abrt-doc-2.10.9-25.el8_10"]}],"threats":[{"category":"impact","date":"2025-12-03T09:00:08Z","details":"important"}],"title":"CVE-2025-12744"}]}