Local Privilege Escalation Vulnerability (CVE‑2025‑12744) in Fedora ABRT Affects Servers and Workstations
What Happened – A newly disclosed vulnerability, CVE‑2025‑12744, allows an unprivileged local user to gain root on Fedora systems running an unpatched Automatic Bug Reporting Tool (ABRT), which covers Fedora 43 and earlier at the time of disclosure. The exploit works by sending crafted messages over ABRT's UNIX socket, which trigger arbitrary code execution in the ABRT daemon, a process that runs as root.
Why It Matters for TPRM –
- Critical systems running Fedora can be fully compromised without external access.
- Third‑party services that rely on Fedora containers or VMs inherit the same risk.
- Attackers can pivot from a low‑privilege foothold to control of the entire host, jeopardizing data confidentiality and service integrity.
Who Is Affected – Cloud‑hosted Linux workloads, on‑premise servers, development workstations, and any SaaS offering that ships Fedora‑based containers or images.
Recommended Actions –
- Verify that every Fedora instance runs ABRT 2.17.8 or later, whether by upgrading to Fedora 44 or later or by applying the updated abrt package; check the installed package version, not just the Fedora release number.
- Apply the vendor‑supplied fix for CVE‑2025‑12744 immediately on any host that cannot be upgraded.
- Review container hardening controls so that the host's ABRT socket (/var/run/abrt/abrt.socket) is never bind‑mounted into containers, and remove ABRT from images where crash reporting is not needed.
- Conduct a rapid inventory of any third‑party services that still run vulnerable Fedora releases.
Technical Notes – The flaw resides in ABRT’s handling of messages sent to /var/run/abrt/abrt.socket. Because the daemon runs as root, a local attacker who can write to that socket can craft a payload that causes it to execute arbitrary commands as root. The only public exploit code is the proof‑of‑concept posted on Exploit‑DB (EDB‑ID 52515). Mitigation is to update ABRT to 2.17.8 or later; where crash reporting is not needed, stop and disable the abrtd service so the socket is not available to local users. Source: Exploit‑DB 52515
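The following script is an added example of the inventory checks recommended above; it is not part of the Exploit‑DB entry and contains no exploit logic. It takes the fixed version (2.17.8), the daemon unit name (abrtd) and the socket path from the advisory text, and assumes an rpm‑based host with GNU coreutils (`sort -V`, `stat -c`) and systemd. The version comparison and status classification are kept in separate functions so they can be run against arbitrary version strings, for example when triaging a fleet inventory exported from a CMDB.

```shell
#!/bin/sh
# Added example (not from the Exploit-DB entry): report whether this Fedora host
# still runs an ABRT build below the fixed version and whether the daemon and
# its UNIX socket are exposed to local users. Fixed version, unit name and
# socket path are taken from the advisory text; everything else is assumed.
FIXED_ABRT_VERSION="2.17.8"
ABRT_UNIT="abrtd"
ABRT_SOCKET="/var/run/abrt/abrt.socket"

# version_lt A B : succeed if version A sorts strictly before version B
# (GNU sort -V understands dotted package versions such as 2.16.10 < 2.17.8)
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# abrt_status VERSION : print VULNERABLE if VERSION is below the fixed build,
# otherwise PATCHED
abrt_status() {
    if version_lt "$1" "$FIXED_ABRT_VERSION"; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# installed_abrt_version : print the installed abrt package version, or nothing
# if rpm is unavailable or the package is not installed. The explicit
# "rpm -q abrt" guard matters: with --qf alone, rpm prints
# "package abrt is not installed" to stdout, which would be misparsed.
installed_abrt_version() {
    if command -v rpm >/dev/null 2>&1 && rpm -q abrt >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' abrt | head -n1
    fi
    return 0
}

# socket_exposure PATH : show mode and ownership of the ABRT socket; a
# world-writable socket means any local account can reach the daemon
socket_exposure() {
    if [ -S "$1" ]; then
        stat -c '%A %U:%G %n' "$1"
    else
        echo "no socket at $1"
    fi
}

# daemon_state : report whether the abrtd unit is active (systemd hosts only)
daemon_state() {
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet "$ABRT_UNIT" 2>/dev/null; then
        echo "$ABRT_UNIT is running"
    else
        echo "$ABRT_UNIT is not running (or systemd is unavailable)"
    fi
}

main() {
    ver=$(installed_abrt_version)
    if [ -z "$ver" ]; then
        echo "abrt is not installed: not affected by CVE-2025-12744"
        return 0
    fi
    echo "abrt $ver: $(abrt_status "$ver") (fixed in $FIXED_ABRT_VERSION)"
    daemon_state
    socket_exposure "$ABRT_SOCKET"
}

main
```

On a host where crash reporting is not needed, the follow‑up to a VULNERABLE result is `systemctl disable --now abrtd` until the updated package is installed; on a fleet, run the script through your configuration management tool and treat any VULNERABLE line with a running daemon as the highest priority.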