Main Vulnerability Database SB2025122311

SB2025122311 - IBM DataPower Gateway update for GNU C Library

Published: December 23, 2025

Security Bulletin ID SB2025122311

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Untrusted search path (CVE-ID: CVE-2025-4802)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted LD_LIBRARY_PATH environment variable. A local user can use the LD_LIBRARY_PATH environment variable to point to a malicious binary and execute arbitrary code with escalated privileges.

The vulnerability affects statically linked setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7255586