CVE-2025-8735
low
CVSS v3
3.3
CVSS v2
1.7
VIR risk
3.3
Description
A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Predictions
Exploit likelihood
34%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-8735
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | affected | |
| debian | sid | affected | |
| debian | trixie | affected | |
References
- https://drive.google.com/file/d/1Q_rDQSEl3cBu6SUbfqr9pV9cHgvKcXFI/view?usp=drive_link
- https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
- https://vuldb.com/?ctiid.319231
- https://vuldb.com/?id.319231
- https://vuldb.com/?submit.622328
- https://www.gnu.org/
- https://www.openwall.com/lists/oss-security/2025/10/27/12
- https://security-tracker.debian.org/tracker/CVE-2025-8735
CWEs
CWE-404 CWE-476
Verify integrity in audit chain (admin only). AS-IS.