CVE & CISA-KEV Catalog

CVE-2025-9820

MEDIUM
4.0
CVSS v3
NVD

Description

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

How to fix

Remediation Available
gnutls28Debian
Fixed in:3.7.1-5+deb11u9CVE-2025-9820
Fixed in:3.7.9-2+deb12u6CVE-2025-9820
Fixed in:3.8.9-3+deb13u1CVE-2025-9820
Fixed in:3.8.11-3CVE-2025-9820
gnutlsRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutlsRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-c++Red Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-c++Rocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-c++-debuginfoRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-c++-debuginfoRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-daneRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-daneRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-dane-debuginfoRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-dane-debuginfoRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-debuginfoRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-debuginfoRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-debugsourceRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-debugsourceRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-develRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-develRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-fipsRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
gnutls-fipsRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
gnutls-utilsRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-utilsRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-utils-debuginfoRocky
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
gnutls-utils-debuginfoRed Hat / RHEL
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.8.10-3.el10_1RHSA-2026:3477
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.6.16-8.el8_10.5RHSA-2026:5585
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
Fixed in:0:3.8.3-10.el9_7RHSA-2026:4188
registry.redhat.io/discovery/discoveryRed Hat / RHEL
Fixed in:server-rhel9@sha256:040dadd657afdb9f0914f896a4962fd3dbf40b70c8037e4d72b6801b766c9b7d_arm64RHSA-2026:7329
Fixed in:ui-rhel9@sha256:364ac04db0b76b761a12fe6e58c2b165a518e1035015f74dd661af2fd64636e0_arm64RHSA-2026:7329
Fixed in:ui-rhel9@sha256:062310de4b34e278f8c7e4634def673a77d1228d493541ef1264ba4cb83b68eb_amd64RHSA-2026:7329
Fixed in:server-rhel9@sha256:a3c9eb11995a4e0b695a1fc54bb99a4e8a7fe69db01545f4f641cb69b6c80dde_amd64RHSA-2026:7329
registry.redhat.io/discovery/discoveryRocky
Fixed in:ui-rhel9@sha256:364ac04db0b76b761a12fe6e58c2b165a518e1035015f74dd661af2fd64636e0_arm64RHSA-2026:7329
Fixed in:server-rhel9@sha256:040dadd657afdb9f0914f896a4962fd3dbf40b70c8037e4d72b6801b766c9b7d_arm64RHSA-2026:7329
Fixed in:ui-rhel9@sha256:062310de4b34e278f8c7e4634def673a77d1228d493541ef1264ba4cb83b68eb_amd64RHSA-2026:7329
Fixed in:server-rhel9@sha256:a3c9eb11995a4e0b695a1fc54bb99a4e8a7fe69db01545f4f641cb69b6c80dde_amd64RHSA-2026:7329
registry.redhat.io/insights-proxy/insights-proxyRed Hat / RHEL
Fixed in:container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64RHSA-2026:4655
Fixed in:container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64RHSA-2026:4655
registry.redhat.io/insights-proxy/insights-proxyRocky
Fixed in:container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64RHSA-2026:4655
Fixed in:container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64RHSA-2026:4655
registry.redhat.io/rhceph/rhcephRed Hat / RHEL
Fixed in:8-rhel9@sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414_amd64RHSA-2026:5606
Fixed in:8-rhel9@sha256:ba2480ebb7946082380496ad7b92b92560a8bb9ddcd8e2f94f0c502ce65c1d0c_ppc64leRHSA-2026:5606
Fixed in:8-rhel9@sha256:a0f0f9770911d6a0fc522f304942765059643193e95c9f6e505462f98a979db1_s390xRHSA-2026:5606
Fixed in:8-rhel9@sha256:2a73d2ab438040547d61bf4257a50a3d33cb5e74f40d372a865fe0db9ba9d5af_arm64RHSA-2026:5606
registry.redhat.io/rhceph/rhcephRocky
Fixed in:8-rhel9@sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414_amd64RHSA-2026:5606
Fixed in:8-rhel9@sha256:ba2480ebb7946082380496ad7b92b92560a8bb9ddcd8e2f94f0c502ce65c1d0c_ppc64leRHSA-2026:5606
Fixed in:8-rhel9@sha256:2a73d2ab438040547d61bf4257a50a3d33cb5e74f40d372a865fe0db9ba9d5af_arm64RHSA-2026:5606
Fixed in:8-rhel9@sha256:a0f0f9770911d6a0fc522f304942765059643193e95c9f6e505462f98a979db1_s390xRHSA-2026:5606
registry.redhat.io/rhui5/cdsRed Hat / RHEL
Fixed in:rhel9@sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524_amd64RHSA-2026:4943
registry.redhat.io/rhui5/cdsRocky
Fixed in:rhel9@sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524_amd64RHSA-2026:4943
registry.redhat.io/rhui5/haproxyRocky
Fixed in:rhel9@sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3_amd64RHSA-2026:4943
registry.redhat.io/rhui5/haproxyRed Hat / RHEL
Fixed in:rhel9@sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3_amd64RHSA-2026:4943
registry.redhat.io/rhui5/installerRocky
Fixed in:rhel9@sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f_amd64RHSA-2026:4943
registry.redhat.io/rhui5/installerRed Hat / RHEL
Fixed in:rhel9@sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f_amd64RHSA-2026:4943
registry.redhat.io/rhui5/rhuaRed Hat / RHEL
Fixed in:rhel9@sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778_amd64RHSA-2026:4943
registry.redhat.io/rhui5/rhuaRocky
Fixed in:rhel9@sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778_amd64RHSA-2026:4943
rhpam-7/rhpamRocky
Fixed in:operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64RHSA-2026:13812
Fixed in:businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64RHSA-2026:13812
Fixed in:controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64RHSA-2026:13812
Fixed in:dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64RHSA-2026:13812
Fixed in:kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64RHSA-2026:13812
Fixed in:smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64RHSA-2026:13812
rhpam-7/rhpamRed Hat / RHEL
Fixed in:controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64RHSA-2026:13812
Fixed in:dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64RHSA-2026:13812
Fixed in:kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64RHSA-2026:13812
Fixed in:smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64RHSA-2026:13812
Fixed in:operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64RHSA-2026:13812
Fixed in:businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64RHSA-2026:13812
rhpam-7/rhpam-businesscentralRocky
Fixed in:monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64RHSA-2026:13812
rhpam-7/rhpam-businesscentralRed Hat / RHEL
Fixed in:monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64RHSA-2026:13812
rhpam-7/rhpam-processRed Hat / RHEL
Fixed in:migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64RHSA-2026:13812
rhpam-7/rhpam-processRocky
Fixed in:migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64RHSA-2026:13812
gnutls28Ubuntu
Fixed in:3.7.3-4ubuntu1.8USN-8043-1
Fixed in:3.8.3-1.1ubuntu3.5USN-8043-1
Fixed in:3.8.9-3ubuntu2.1USN-8043-1
libgnutls30Ubuntu
Fixed in:3.7.3-4ubuntu1.8USN-8043-1
libgnutls30t64Ubuntu
Fixed in:3.8.3-1.1ubuntu3.5USN-8043-1
Fixed in:3.8.9-3ubuntu2.1USN-8043-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityLow

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploit Intelligence

0.20%probability of exploitation in 30 days
10thpercentile

Low risk: more likely to be exploited than 10% of all known CVEs.

References

Related Vulnerabilities

Other CWE-121 (Stack-based Buffer Overflow) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2025-22457Critical9.0100%KEV + RansomFix
CVE-2025-0282Critical9.0100%KEV + Ransom-
CVE-2021-20038Critical9.8100%KEV + Ransom-
CVE-2009-0927High8.897%KEVFix
CVE-2020-10924High8.887%--
CVE-2022-20705Critical10.080%--
Embed a live status badge for CVE-2025-9820
CVE-2025-9820 severity badge

Markdown

[![CVE-2025-9820](https://tridentstack.com/cve/badge/CVE-2025-9820.svg)](https://tridentstack.com/cve/CVE-2025-9820)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-9820"><img src="https://tridentstack.com/cve/badge/CVE-2025-9820.svg" alt="CVE-2025-9820"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-30.