CVE-2025-29481

Published: 4/7/2025 Last updated: 2/25/2026 Reserved: 3/11/2025

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.2	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

conf-libbpf

Products affected (2)

Product	Vendor	Version
n/a	n/a	<= 6.16.*
n/a	n/a	<= 4.19.*

References (4)

https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md