CVE-2025-10824

Name
CVE-2025-10824
Description
A vulnerability was found in axboe fio up to 3.41. It affects the function __parse_jobs_ini in the file init.c. Manipulation can lead to a use after free. The attack must be launched locally. The exploit has been publicly disclosed and may be used.
NVD Severity
medium

References

Type URI
issue-tracking https://github.com/axboe/fio/issues/1981
exploit https://github.com/user-attachments/files/22266756/poc.zip
signature https://vuldb.com/?ctiid.325181
vdb-entry https://vuldb.com/?id.325181
third-party-advisory https://vuldb.com/?submit.654072

Match rules

CPE URI Source package Min version Max version
fio == 3.0 == 3.0
fio == 3.1 == 3.1
fio == 3.2 == 3.2
fio == 3.3 == 3.3
fio == 3.4 == 3.4
fio == 3.5 == 3.5
fio == 3.6 == 3.6
fio == 3.7 == 3.7
fio == 3.8 == 3.8
fio == 3.9 == 3.9
fio == 3.10 == 3.10
fio == 3.11 == 3.11
fio == 3.12 == 3.12
fio == 3.13 == 3.13
fio == 3.14 == 3.14
fio == 3.15 == 3.15
fio == 3.16 == 3.16
fio == 3.17 == 3.17
fio == 3.18 == 3.18
fio == 3.19 == 3.19
fio == 3.20 == 3.20
fio == 3.21 == 3.21
fio == 3.22 == 3.22
fio == 3.23 == 3.23
fio == 3.24 == 3.24
fio == 3.25 == 3.25
fio == 3.26 == 3.26
fio == 3.27 == 3.27
fio == 3.28 == 3.28
fio == 3.29 == 3.29
fio == 3.30 == 3.30
fio == 3.31 == 3.31
fio == 3.32 == 3.32
fio == 3.33 == 3.33
fio == 3.34 == 3.34
fio == 3.35 == 3.35
fio == 3.36 == 3.36
fio == 3.37 == 3.37
fio == 3.38 == 3.38
fio == 3.39 == 3.39
fio == 3.40 == 3.40
fio == 3.41 == 3.41

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
fio edge-community 3.38-r0 wener <wenermail@gmail.com> possibly vulnerable
fio edge-community 3.39-r0 wener <wenermail@gmail.com> possibly vulnerable
fio 3.22-community 3.38-r0 wener <wenermail@gmail.com> possibly vulnerable
fio 3.22-community 3.39-r0 wener <wenermail@gmail.com> possibly vulnerable
fio edge-community 3.41-r0 wener <wenermail@gmail.com> possibly vulnerable