PT-2025-12414 · Unknown+4 · Hercules Augeas+4

Published: 2025-03-10 · Updated: 2025-08-07 · CVE-2025-2588

CVSS v4.0: 4.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Hercules Augeas version 1.14.1

Description

A problematic issue has been found, affecting the re_case_expand function in the src/fa.c file. The manipulation of the re argument leads to a null pointer dereference. Local attacks are required to exploit this issue. The exploit has been publicly disclosed and may be used.

Recommendations

For Hercules Augeas version 1.14.1, as a temporary workaround, consider disabling the re_case_expand function until a patch is available. Restrict access to the src/fa.c file to minimize the risk of exploitation. Avoid using the re argument in the affected function until the issue is resolved.

Exploit

Fix

DoS

NULL Pointer Dereference

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALT-PU-2025-9978
AZL-58945
AZL-58951
BDU:2025-11799
CVE-2025-2588
MGASA-2025-0128
OESA-2025-1428
OPENSUSE-SU-2025:15021-1
OPENSUSE-SU-2025_1413-1
OPENSUSE-SU-2025_1534-1
SUSE-SU-2025:01534-1
SUSE-SU-2025:01754-1
SUSE-SU-2025:01763-1
SUSE-SU-2025:1413-1
SUSE-SU-2025:1534-1
SUSE-SU-2025:20345-1
SUSE-SU-2025:20415-1
SUSE-SU-2025_01534-1
SUSE-SU-2025_01754-1
SUSE-SU-2025_1534-1

Affected Products

Alt Linux
Astra Linux
Debian
Hercules Augeas
Suse