CVE-2025-65409

CVE-2025-65409

Name

CVE-2025-65409

Description

A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	http://ftp.gnu.org/gnu/recutils/
cve@mitre.org	https://github.com/MAXEUR5/Vulnerability_Disclosures/blob/main/2025/CVE-2025-65409.md
cve@mitre.org	https://lists.gnu.org/archive/html/bug-recutils/2025-10/msg00004.html
cve@mitre.org	https://www.gnu.org/software/recutils/

Type

URI

cve@mitre.org

http://ftp.gnu.org/gnu/recutils/

cve@mitre.org

https://github.com/MAXEUR5/Vulnerability_Disclosures/blob/main/2025/CVE-2025-65409.md

cve@mitre.org

https://lists.gnu.org/archive/html/bug-recutils/2025-10/msg00004.html

cve@mitre.org

https://www.gnu.org/software/recutils/

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== None
`cpe:2.3:a:gnu:recutils:1.9:::::::*`	recutils	== None	== 1.9

CPE URI

Source package

Min version

Max version

n/a

== n/a

== None

cpe:2.3:a:gnu:recutils:1.9:*:*:*:*:*:*:*

recutils

== None

== 1.9

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
recutils	edge-community	1.9-r2	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
recutils	edge-community	1.9-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
recutils	3.23-community	1.9-r2	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

recutils

edge-community

1.9-r2

Will Sinatra <wpsinatra@gmail.com>

possibly vulnerable

recutils

edge-community