PT-2025-22409 · Jq+10

Gpriamo · Published 2025-05-21 · Updated 2026-01-06 · CVE-2025-48060

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

jq versions up to and including 1.7.1

Description

The issue is a heap-buffer-overflow present in the function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash occurs in the file jv.c. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations

For versions up to and including 1.7.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025:10585
ALSA-2025:10618
ALT-PU-2025-7731
AZL-61968
AZL-61974
BDU:2025-06686
CESA-2025_10618
CVE-2025-48060
DLA-4307-1
ECHO-1A73-323B-CA34
GHSA-P7RR-28XF-3M5W
INFSA-2025_10585
INFSA-2025_10618
OESA-2025-1809
OPENSUSE-SU-2025:15233-1
RHSA-2025:10585
RHSA-2025:10613
RHSA-2025:10615
RHSA-2025:10616
RHSA-2025:10618
RHSA-2025:10619
RHSA-2025:10620
RHSA-2025:10621
RHSA-2025:10622
RHSA-2025:12882
RHSA-2025_10585
RHSA-2025_10618
SUSE-SU-2025:02915-1
SUSE-SU-2025:20591-1
SUSE-SU-2025:20655-1
SUSE-SU-2025_02915-1
USN-7657-1
USN-7657-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Jq