PT-2025-33307 · Aide+2

Raj3Shp · Published 2025-08-14 · Updated 2025-09-22 · CVE-2025-54409

CVSS v3.1: 6.2 Medium
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: AIDE versions 0.13 through 0.19.1
Description: AIDE, an advanced intrusion detection environment, contains a null pointer dereference issue. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service.
Recommendations: Update to version 0.19.2 or later. As a workaround, remove the xattrs group from rules matching files on affected file systems.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-66429
AZL-66431
CVE-2025-54409
DLA-4272-1
DSA-5977-1
GHSA-79G7-F8RV-JCXH
MGASA-2025-0224
OESA-2025-2108
OESA-2025-2109
OESA-2025-2110
OESA-2025-2111
OESA-2025-2112
OESA-2025-2262
OPENSUSE-SU-2025:15474-1
SUSE-SU-2025:20657-1
SUSE-SU-2025:20754-1
USN-7697-1

Affected Products

Aide
Linuxmint
Ubuntu