jqlang jq JSON jq_test.c run_jq_tests assertion_CVE-2025-9403

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

Basic Information

ID CVE-2025-9403

Source VulDB

Published Aug 25, 2025 at 02:02

Affected Product

Vendor jqlang

Product jq

Version 1.0

Affected Versions jqlang jq 1.0
jqlang jq 1.1
jqlang jq 1.2
jqlang jq 1.3
jqlang jq 1.4
jqlang jq 1.5
jqlang jq 1.6

CWE Classification

CWE-617

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.",
    "published": "2025-08-25T02:02:07.038Z",
    "modified": "2025-08-25T02:02:07.038Z",
    "type": "cve",
    "title": "jqlang jq JSON jq_test.c run_jq_tests assertion",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321239\nhttps://vuldb.com/?ctiid.321239\nhttps://vuldb.com/?submit.633170\nhttps://github.com/jqlang/jq/issues/3393\nhttps://drive.google.com/file/d/1r8m9PhU_rk-QPj6OMcs415FcvWPD-zJY/view?usp=sharing",
    "id": "CVE-2025-9403",
    "bulletinFamily": "",
    "cwe": [
        "CWE-617"
    ],
    "cvelist": null,
    "sourceData": "jqlang jq 1.0\njqlang jq 1.1\njqlang jq 1.2\njqlang jq 1.3\njqlang jq 1.4\njqlang jq 1.5\njqlang jq 1.6",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jq",
    "version": "1.0",
    "vendor": "jqlang",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}