CVE-2025-9403

jqlang jq JSON jq_test.c run_jq_tests assertion

Published: 8/25/2025 Last updated: 8/25/2025 Reserved: 8/24/2025

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

CNA assigner: VulDB (1af790b2-7ee1-4545-860a-a788eba489b5) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
4.0	1.9	Low	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.1	3	Low	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
3.0	3	Low	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
2.0	1.5	Low	CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Opam packages affected (2)

conf-jq travis-opam

Products affected (1)

Product	Vendor	Version
jq	jqlang	Android kernel

References (7)

Credits (1)

2 xdcao (VulDB User)