Vulnerability Details CVE-2025-54409
AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.1%
CVSS Severity
CVSS v3 Score 6.2
References
Products affected by CVE-2025-54409
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.13cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.13
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.13.1cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.13.1
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.14cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.14
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.14.1cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.14.1
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.14.2cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.14.2
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.15cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.15
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.15.1cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.15.1
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.16cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.16
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.16.1cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.16.1
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.16.2cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.16.2
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.17cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.17
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.17.1cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.17.1
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.17.2cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.17.2
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.17.3cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.17.3
-
Advanced Intrusion Detection Environment Project » Advanced Intrusion Detection Environment » Version: 0.17.4cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:0.17.4