Main Vulnerability Database SB2025121214

SB2025121214 - Anolis OS update for abrt

Published: December 12, 2025 Updated: December 17, 2025

Security Bulletin ID SB2025121214

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) OS Command Injection (CVE-ID: CVE-2025-12744)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software extracts a 12-byte substring from user-controlled mount information and embedding it verbatim into a shell command constructed with g_strdup_printf("docker inspect %s", container_id). A local user can execute arbitrary OS commands with root privileges.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2025:0935

Vulnerable Software

Anolis OS: 8
python3-abrt-doc: before 2.10.9-25.0.1
python3-abrt-container-addon: before 2.10.9-25.0.1
python3-abrt-addon: before 2.10.9-25.0.1
python3-abrt: before 2.10.9-25.0.1
abrt-tui: before 2.10.9-25.0.1
abrt-retrace-client: before 2.10.9-25.0.1
abrt-plugin-machine-id: before 2.10.9-25.0.1
abrt-libs: before 2.10.9-25.0.1
abrt-gui-libs: before 2.10.9-25.0.1
abrt-gui: before 2.10.9-25.0.1
abrt-desktop: before 2.10.9-25.0.1
abrt-dbus: before 2.10.9-25.0.1
abrt-console-notification: before 2.10.9-25.0.1
abrt-cli-ng: before 2.10.9-25.0.1
abrt-cli: before 2.10.9-25.0.1
abrt-addon-xorg: before 2.10.9-25.0.1
abrt-addon-vmcore: before 2.10.9-25.0.1
abrt-addon-pstoreoops: before 2.10.9-25.0.1
abrt-addon-kerneloops: before 2.10.9-25.0.1
abrt-addon-coredump-helper: before 2.10.9-25.0.1
abrt-addon-ccpp: before 2.10.9-25.0.1
abrt: before 2.10.9-25.0.1

SB2025121214 - Anolis OS update for abrt

Breakdown by Severity

Description

Remediation

References

Please verify you're human