CVE-2025-2588

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/hercules-team/augeas/issues/852	Exploit Issue Tracking
https://github.com/hercules-team/augeas/issues/852#issue-2905999609	Exploit Issue Tracking
https://vuldb.com/?ctiid.300568	Permissions Required VDB Entry
https://vuldb.com/?id.300568	Permissions Required VDB Entry
https://vuldb.com/?submit.517281	Third Party Advisory VDB Entry
https://github.com/hercules-team/augeas/issues/852#issue-2905999609	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:augeas:augeas:1.14.1:*:*:*:*:*:*:*

History

01 Apr 2025, 20:24

Type	Values Removed	Values Added
First Time		Augeas Augeas augeas
CPE		cpe:2.3:a:augeas:augeas:1.14.1:::::::*
References	~~() https://github.com/hercules-team/augeas/issues/852 -~~	() https://github.com/hercules-team/augeas/issues/852 - Exploit, Issue Tracking
References	~~() https://github.com/hercules-team/augeas/issues/852#issue-2905999609 -~~	() https://github.com/hercules-team/augeas/issues/852#issue-2905999609 - Exploit, Issue Tracking
References	~~() https://vuldb.com/?ctiid.300568 -~~	() https://vuldb.com/?ctiid.300568 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.300568 -~~	() https://vuldb.com/?id.300568 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?submit.517281 -~~	() https://vuldb.com/?submit.517281 - Third Party Advisory, VDB Entry

21 Mar 2025, 18:15

Type	Values Removed	Values Added
References	~~() https://github.com/hercules-team/augeas/issues/852#issue-2905999609 -~~	() https://github.com/hercules-team/augeas/issues/852#issue-2905999609 -
Summary		(es) Se ha encontrado una vulnerabilidad en Hercules Augeas 1.14.1, clasificada como problemática. Esta vulnerabilidad afecta a la función re_case_expand del archivo src/fa.c. La manipulación del argumento re provoca la desreferenciación de puntero nulo. Es necesario realizar ataques locales. Se ha hecho público el exploit y puede que sea utilizado.

21 Mar 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-21 12:15

Updated : 2025-04-01 20:24

NVD link : CVE-2025-2588

Mitre link : CVE-2025-2588

CVE.ORG link : CVE-2025-2588

JSON object : View

Products Affected

augeas

augeas

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-2588

3.3^/10

1.7^/10

Attach tags to `CVE-2025-2588`