CVE-2025-4598
Description
Moderate: systemd security update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump Red Hat statement This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit thisβ¦
Description
systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump
Red Hat statement
This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability. By default Red Hat Enterprise Linux 8 doesn't allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.
CVSS v3: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | systemd-0:257-23.el10 | RHSA-2026:18153 | 2026-05-19T00:00:00Z |
| Red Hat Enterprise Linux 9 | systemd-0:252-55.el9_7.7 | RHSA-2025:22660 | 2025-12-03T00:00:00Z |
| Red Hat Enterprise Linux 9 | systemd-0:252-55.el9_7.7 | RHSA-2025:22660 | 2025-12-03T00:00:00Z |
| Red Hat Ceph Storage 7 | rhceph/rhceph-7-rhel9:7 | RHSA-2025:23234 | 2025-12-16T00:00:00Z |
| Red Hat Ceph Storage 8 | rhceph/rhceph-8-rhel9:8 | RHSA-2025:23227 | 2025-12-16T00:00:00Z |
| Red Hat Ceph Storage 8 | rhceph/rhceph-8-rhel9:1769512383 | RHSA-2026:1652 | 2026-02-02T00:00:00Z |
| Red Hat Discovery 2 | discovery/discovery-server-rhel9:1767888970 | RHSA-2026:0414 | 2026-01-08T00:00:00Z |
| Red Hat Discovery 2 | discovery/discovery-ui-rhel9:1767904573 | RHSA-2026:0414 | 2026-01-08T00:00:00Z |
| Red Hat Insights proxy 1.5 | insights-proxy/insights-proxy-container-rhel9:1.5.9-1765201856 | RHSA-2025:22868 | 2025-12-08T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 10 | NetworkManager | Not affected |
| Red Hat Enterprise Linux 10 | rpm-ostree | Affected |
| Red Hat Enterprise Linux 7 | NetworkManager | Not affected |
| Red Hat Enterprise Linux 7 | systemd | Fix deferred |
| Red Hat Enterprise Linux 8 | systemd | Fix deferred |
| Red Hat Enterprise Linux 9 | NetworkManager | Not affected |
| Red Hat OpenShift Container Platform 4 | rhcos | Affected |
| Red Hat OpenShift Container Platform 4 | systemd | Not affected |
Apply commands
yum update -y systemd
# or:
dnf upgrade -y systemdAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 10 | Not affected |
| redhat | Red Hat Enterprise Linux 10 | Affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Not affected |
| redhat | Red Hat OpenShift Container Platform 4 | Affected |
| redhat | Red Hat OpenShift Container Platform 4 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | affected | | |
| rhel | 9 | fixed | |
| sles | affected | | |
| linux-kernel | affected | 6.16 | |
| debian | 11.0 | affected | |
| debian | 12.0 | affected | |
| rhel | 7.0 | affected | |
| rhel | 8.0 | affected | |
| rhel | 9.0 | affected | |
| rhel | 10.0 | affected | |
| debian | bookworm | fixed | 252.38-1~deb12u1 |
| debian | bullseye | fixed | 247.3-7+deb11u7 |
| debian | forky | fixed | 257.6-1 |
| debian | sid | fixed | 257.6-1 |
| debian | trixie | fixed | 257.6-1 |
| almalinux | 9 | fixed | systemd-journal-remote-252-55.el9_7.7.alma.1.aarch64.rpm |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| systemd_project | systemd | {"endExcluding":"252.37"} | 252.37 |
| redhat | openshift_container_platform | 4.0 | |
References
- https://access.redhat.com/errata/RHSA-2025:22660
- https://access.redhat.com/errata/RHSA-2025:22868
- https://access.redhat.com/errata/RHSA-2025:23227
- https://access.redhat.com/errata/RHSA-2025:23234
- https://access.redhat.com/errata/RHSA-2026:0414
- https://access.redhat.com/errata/RHSA-2026:1652
- https://access.redhat.com/errata/RHSA-2026:18153
- https://access.redhat.com/security/cve/CVE-2025-4598
- https://bugzilla.redhat.com/show_bug.cgi?id=2369242
- https://www.openwall.com/lists/oss-security/2025/05/29/3
- http://seclists.org/fulldisclosure/2025/Jun/9
- http://www.openwall.com/lists/oss-security/2025/06/05/1
- http://www.openwall.com/lists/oss-security/2025/06/05/3
- http://www.openwall.com/lists/oss-security/2025/08/18/3
- https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598
- https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/
- https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html
- https://www.openwall.com/lists/oss-security/2025/08/18/3
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://www.suse.com/security/cve/CVE-2025-4598.html
- https://security-tracker.debian.org/tracker/CVE-2025-4598
- https://bugzilla.redhat.com/2369242
- https://errata.almalinux.org/9/ALSA-2025-22660.html
CWEs
CWE-364
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.