CVE-2025-12744 – Abrt: command-injection in abrt leading to local privilege escalation
CVE ID : CVE-2025-12744
Published : Dec. 3, 2025, 9:15 a.m.
Description : A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.
Severity: 8.8 | HIGH
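
The class of fix for the pattern described above, as an added example (not ABRT's code or its actual patch): validate the copied identifier against an allow-list, then run docker with an argument vector so no shell ever parses it. The names `extract_container_id`, `inspect_container` and `DOCKER_BIN`, the docker path, and the hex-only ID format are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define ID_LEN 12                      /* the advisory's "up to 12 characters" */
#define DOCKER_BIN "/usr/bin/docker"   /* assumed path; fixed so PATH is not searched */

/* Copy at most ID_LEN characters of untrusted input into out, accepting only
 * hex digits (assumed ID format). Returns 0 on success, -1 if the input is
 * empty or contains any other byte within the copied span. */
int extract_container_id(const char *untrusted, char out[ID_LEN + 1])
{
    size_t n = 0;
    while (n < ID_LEN && untrusted[n] != '\0') {
        if (!isxdigit((unsigned char)untrusted[n]))
            return -1;                 /* metacharacters, spaces, etc. rejected */
        out[n] = untrusted[n];
        n++;
    }
    out[n] = '\0';
    return n > 0 ? 0 : -1;
}

/* Run "docker inspect <id>" via execv: the ID is one argv element and is
 * never interpolated into a command string. Returns the child's exit code,
 * or -1 if validation, fork or wait fails. */
int inspect_container(const char *untrusted)
{
    char id[ID_LEN + 1];
    if (extract_container_id(untrusted, id) != 0)
        return -1;                     /* fail closed before any process starts */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *args[] = { "docker", "inspect", id, NULL };
        execv(DOCKER_BIN, args);
        _exit(127);                    /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    return argc == 2 ? inspect_container(argv[1]) : 2;
}
```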