CVE-2025-10824 - Vulnerability Details

- axboe fio init.c __parse_jobs_ini use after free

Description

A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.

Published: 2025-09-23

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

axboe

fio

affected

Version	Status	Constraints
`3.0`	affected	—
`3.1`	affected	—
`3.2`	affected	—
`3.3`	affected	—
`3.4`	affected	—
`3.5`	affected	—
`3.6`	affected	—
`3.7`	affected	—
`3.8`	affected	—
`3.9`	affected	—
`3.10`	affected	—
`3.11`	affected	—
`3.12`	affected	—
`3.13`	affected	—
`3.14`	affected	—
`3.15`	affected	—
`3.16`	affected	—
`3.17`	affected	—
`3.18`	affected	—
`3.19`	affected	—
`3.20`	affected	—
`3.21`	affected	—
`3.22`	affected	—
`3.23`	affected	—
`3.24`	affected	—
`3.25`	affected	—
`3.26`	affected	—
`3.27`	affected	—
`3.28`	affected	—
`3.29`	affected	—
`3.30`	affected	—
`3.31`	affected	—
`3.32`	affected	—
`3.33`	affected	—
`3.34`	affected	—
`3.35`	affected	—
`3.36`	affected	—
`3.37`	affected	—
`3.38`	affected	—
`3.39`	affected	—
`3.40`	affected	—
`3.41`	affected	—

No data.

Vendor	Product	Confidence	Versions
Axboe	Fio	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-30437	A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/axboe/fio/issues/1981
https://github.com/user-attachments/files/22266756/poc.zip
https://vuldb.com/?ctiid.325181
https://vuldb.com/?id.325181
https://vuldb.com/?submit.654072

History

Tue, 23 Sep 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 23 Sep 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Axboe Axboe fio
Vendors & Products		Axboe Axboe fio

Tue, 23 Sep 2025 00:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.
Title		axboe fio init.c __parse_jobs_ini use after free
Weaknesses		CWE-119 CWE-416
References		https://github.com/axboe/fio/issues/1981 https://github.com/user-attachments/files/22266756/poc.zip https://vuldb.com/?ctiid.325181 https://vuldb.com/?id.325181 https://vuldb.com/?submit.654072
Metrics		cvssV2_0 `{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Axboe Fio

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-09-23T00:02:06.575Z

Updated: 2025-09-23T19:55:20.846Z

Reserved: 2025-09-21T16:05:26.134Z

Link: CVE-2025-10824

Vulnrichment

Updated: 2025-09-23T19:55:09.186Z

NVD

Status : Deferred

Published: 2025-09-23T01:15:36.197

Modified: 2026-04-29T01:00:01.613

Link: CVE-2025-10824

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-09-23T16:03:24Z

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object