Detections
Analytics
NewStart CGSL MAIN 7.02 : binutils Multiple Vulnerabilities (NS-SA-2025-0255)
medium Nessus Plugin ID 280102
Synopsis
The remote NewStart CGSL host is affected by multiple vulnerabilities.Description
The remote NewStart CGSL host, running version MAIN 7.02, has binutils packages installed that are affected by multiple vulnerabilities:- A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. (CVE-2025-5245)
- A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow.
The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with [f]ixed for 2.46. (CVE-2025-11082)
- A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow.
The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with [f]ixed for 2.46. (CVE-2025-11083)
- A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component. (CVE-2025-5244)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL binutils packages. Note that updated packages may not be available yet. Please contact ZTE for more information.See Also
https://security.gd-linux.com/notice/NS-SA-2025-0255
https://security.gd-linux.com/info/CVE-2025-11082
https://security.gd-linux.com/info/CVE-2025-11083
Plugin Details
Severity: Medium
ID: 280102
File Name: newstart_cgsl_NS-SA-2025-0255_binutils.nasl
Version: 1.1
Type: local
Published: 12/27/2025
Updated: 12/27/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2025-5245
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS v4
Risk Factor: Medium
Base Score: 4.8
Threat Score: 1.9
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Vulnerability Information
CPE: p-cpe:/a:zte:cgsl_main:binutils-doc, p-cpe:/a:zte:cgsl_main:binutils-devel, cpe:/o:zte:cgsl_main:7, p-cpe:/a:zte:cgsl_main:binutils, p-cpe:/a:zte:cgsl_main:binutils-gold
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/27/2025
Vulnerability Publication Date: 5/27/2025
Reference Information
CVE: CVE-2025-11082, CVE-2025-11083, CVE-2025-5244, CVE-2025-5245
IAVA: 2025-A-0890