CVE-2025-15504

Name: CVE-2025-15504
Creator: NVD / NIST
Published: 2026-01-10T12:15:49.57+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 1.9/10EPSS 0.24%

Last modified Jun 17, 2026

CVE-2025-15504 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0

1.9/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.24%

15.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Lief-Project	Lief	< 0.17.2

References

https://github.com/lief-project/LIEF/
https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d154802978Patch
https://github.com/lief-project/LIEF/issues/1277Exploit, Issue Tracking, Patch
https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001Exploit, Issue Tracking, Patch
https://github.com/lief-project/LIEF/releases/tag/0.17.2Release Notes
https://github.com/oneafter/1210/blob/main/segv1Product
https://vuldb.com/?ctiid.340375Permissions Required, VDB Entry
https://vuldb.com/?id.340375Third Party Advisory, VDB Entry
https://vuldb.com/?submit.733329Exploit, Third Party Advisory, VDB Entry
https://github.com/lief-project/LIEF/issues/1277Exploit, Issue Tracking, Patch
https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001Exploit, Issue Tracking, Patch
https://vuldb.com/?submit.733329Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Jan 10, 2026
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-15504?

How severe is CVE-2025-15504?

CVE-2025-15504 has a CVSS score of 1.9/10 (LOW severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.

How do I fix CVE-2025-15504?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-15504?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST