PT-2025-12414 · Unknown +2 · Hercules Augeas +2

Published 2025-03-21 · Updated 2025-06-09 · CVE-2025-2588

CVSS v4.0: 4.8
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions:

Hercules Augeas version 1.14.1

Description:

A problematic issue has been found, affecting the `re_case_expand` function in the `src/fa.c` file. The manipulation of the `re` argument leads to a null pointer dereference. Local attacks are required to exploit this issue. The exploit has been publicly disclosed and may be used.

Recommendations:

For Hercules Augeas version 1.14.1, as a temporary workaround, consider disabling the `re_case_expand` function until a patch is available. Restrict access to the `src/fa.c` file to minimize the risk of exploitation. Avoid using the `re` argument in the affected function until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Weakness Enumeration

Related Identifiers

CVE-2025-2588
MGASA-2025-0128
OPENSUSE-SU-2025:15021-1
OPENSUSE-SU-2025_1413-1
OPENSUSE-SU-2025_1534-1
SUSE-SU-2025:01534-1
SUSE-SU-2025:01754-1
SUSE-SU-2025:01763-1
SUSE-SU-2025:1413-1
SUSE-SU-2025:1534-1
SUSE-SU-2025_01754-1
SUSE-SU-2025_1534-1

Affected Products

Debian
Hercules Augeas
SUSE