CVE-2025-14104: Out-of-bounds Read in Red Hat Enterprise Linux 10
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
AI Analysis
Technical Summary
CVE-2025-14104 is a flaw in the util-linux package shipped with Red Hat Enterprise Linux 10, in the setpwnam() function of login-utils. setpwnam() rewrites a user's entry in the password database on behalf of the set-user-ID programs that share it; in the util-linux source those are chfn and chsh, which run as root so that an ordinary user can edit their own entry (on RHEL they are typically packaged in the util-linux-user subpackage rather than in util-linux itself, so check that package as well). When the username being processed is exactly 256 bytes long, the function reads past the end of a heap buffer. The advisory classifies the flaw as an out-of-bounds read, so the expected effects are a crash of the invoking utility (denial of service) and, at worst, disclosure of whatever heap bytes follow the buffer; the page reports no integrity impact, and nothing on it indicates that the password database itself can be corrupted. Exploitation is local: the attacker needs an account on the system and must get a 256-byte name in front of setpwnam(). Because chfn and chsh operate on the caller's own account (only root can name another user), an unprivileged user cannot simply type an arbitrary name; the long name must already exist in the account database, for example supplied by an NSS source such as LDAP, and that is the main practical constraint on this flaw. No user interaction is required beyond running the utility. The page reports a CVSS v3.1 base score of 6.1 (medium), with low confidentiality impact, no integrity impact and high availability impact. No exploitation in the wild is reported. The bug is a reminder that a fixed-size buffer sized for the maximum expected input still needs one byte for the terminator, and that input of exactly the limit is the case to test in set-user-ID code that touches authentication data.
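The bug class described above, as an added illustration that is not the util-linux setpwnam() code (the real function's buffer layout is not on this page and is not reproduced here): a heap-allocated record with a 256-byte name field, a bounded copy that fills the field without reserving a byte for the terminator, and the hardened form that rejects a name that cannot fit together with its NUL. The record layout, the NAME_FIELD size and the helper names are assumptions made for the demonstration; the 256-byte input is constructed in the program.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustration only: this is NOT util-linux's setpwnam(). It shows the bug
 * class the advisory describes. NAME_FIELD, struct pw_record and the helper
 * names are assumptions made for the demonstration. */
#define NAME_FIELD 256   /* same length as the 256-byte names in the advisory */

struct pw_record {
    char name[NAME_FIELD];   /* exactly 256 bytes: nothing follows the name inside the allocation */
};

/* Bounded length: bytes before a NUL, or max when no NUL occurs in max bytes. */
size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* 1 if the name field holds a terminator, 0 if a later strlen()/strcmp() would run off the end. */
int has_terminator(const struct pw_record *rec)
{
    return memchr(rec->name, '\0', NAME_FIELD) != NULL;
}

/* Vulnerable pattern: copy at most NAME_FIELD bytes, as strncpy(dst, src, sizeof dst)
 * does. A 255-byte name is fine; a 256-byte name fills the field and gets no NUL. */
void set_name_unsafe(struct pw_record *rec, const char *user)
{
    size_t len = bounded_len(user, NAME_FIELD);
    memcpy(rec->name, user, len);
    if (len < NAME_FIELD)
        rec->name[len] = '\0';   /* skipped when len == NAME_FIELD: the overread is now armed */
}

/* Hardened pattern: the name must fit together with its terminator.
 * Returns 0 on success, -1 when the name is NAME_FIELD bytes or longer. */
int set_name_safe(struct pw_record *rec, const char *user)
{
    size_t len = bounded_len(user, NAME_FIELD);
    if (len >= NAME_FIELD)
        return -1;
    memcpy(rec->name, user, len + 1);   /* len + 1 copies the NUL as well */
    return 0;
}

/* Constructed input: a name of n 'a' characters. Caller frees. */
char *make_name(size_t n)
{
    char *s = malloc(n + 1);
    if (!s)
        abort();
    memset(s, 'a', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    struct pw_record *rec = malloc(sizeof *rec);   /* a 256-byte heap chunk */
    char *name256 = make_name(256);
    char *name255 = make_name(255);
    if (!rec)
        abort();

    set_name_unsafe(rec, name256);
    /* Do not call strlen(rec->name) here: with no terminator that call is the
     * overread itself. memchr with an explicit bound inspects the field safely. */
    printf("unsafe copy, 256-byte name: terminator %s\n",
           has_terminator(rec) ? "present" : "MISSING, next strlen/strcmp reads past the heap chunk");

    printf("safe copy, 256-byte name: %s\n",
           set_name_safe(rec, name256) == 0 ? "accepted" : "rejected as too long");
    if (set_name_safe(rec, name255) == 0)
        printf("safe copy, 255-byte name: accepted, strlen = %zu\n", strlen(rec->name));

    free(name256);
    free(name255);
    free(rec);
    return 0;
}
```

The check that matters is the one at the boundary: 255 bytes passes both versions, 256 bytes leaves the unsafe record unterminated while the safe version refuses it. Running the unsafe path under AddressSanitizer and then calling strlen() on the field is how the overread is made visible; the program above deliberately avoids that call so it runs cleanly.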
Potential Impact
For European organizations the risk is primarily to availability, and it is narrower than a disruption of authentication as a whole: an out-of-bounds read in setpwnam() crashes the set-user-ID utility that invoked it (a chfn or chsh run), not the login service, and the page reports no integrity impact, so there is no indication that the password database is damaged. Organizations running Red Hat Enterprise Linux 10 in production, especially in finance, healthcare, government and critical infrastructure, could still see failed account-maintenance operations and, at worst, leakage of heap contents from a root-privileged process. Since exploitation requires a local account and a 256-byte username already present in the account database, exposure is highest where account names are not under local control (directories that permit very long names) and where internal threat actors or compromised accounts already have shell access. The lack of known exploits reduces immediate risk but does not remove the need for proactive mitigation. European enterprises relying on RHEL 10 for their server infrastructure should treat this as a moderate risk to system stability and continuity.
Mitigation Recommendations
1. Apply the Red Hat update for util-linux (and, where chfn and chsh are delivered by a separate subpackage such as util-linux-user, that package too) as soon as it is available, and confirm the installed version against the advisory.
2. Reduce the set-user-ID attack surface: check which login-utils binaries carry the set-user-ID bit (chfn and chsh) and remove the bit or restrict execute permission to trusted administrators where users have no need to change their own GECOS field or login shell.
3. Enforce a username length limit well under 256 bytes in every account source: local useradd from shadow-utils already rejects names longer than 32 characters by default, so the realistic origin of a 256-byte name is LDAP, SSSD or another NSS provider; audit the merged account database, not only /etc/passwd, for names of 256 bytes or more.
4. Monitor for crashes of chfn and chsh (segfault messages in the kernel log, cores collected by systemd-coredump) and for repeated invocations by one user, which is the observable signature of attempts against this flaw.
5. Use host-based intrusion detection to alert on changes to the file modes of set-user-ID binaries and on unexpected executions of chfn and chsh.
6. Include set-user-ID binaries and local privilege escalation vectors in regular security audits and vulnerability scans.
7. Brief system administrators on the flaw, on limiting local access, and on applying security updates promptly.
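For the account-name audit in items 3 and 6, an added helper that is not part of util-linux or of Red Hat's tooling: it parses passwd-format records, reports every account name whose length reaches a threshold (256 bytes, the length the advisory names, is the default), and exits non-zero when any is found. The sample records it runs on without arguments are constructed here, including names of exactly 255, 256 and 300 bytes; the program name and the threshold constant are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added audit helper, not part of util-linux or of Red Hat's tooling. It
 * scans passwd-format records (name:pw:uid:gid:gecos:dir:shell) and reports
 * account names whose length reaches a threshold; 256 is the length the
 * advisory names. Feed it `getent passwd` output so that NSS sources (LDAP,
 * SSSD) are covered, not only /etc/passwd. */
#define DEFAULT_THRESHOLD 256

/* Length of the name field (bytes before the first ':') of one record of
 * linelen bytes, or (size_t)-1 when there is no ':' (not a passwd record). */
size_t passwd_name_len(const char *line, size_t linelen)
{
    const char *colon = memchr(line, ':', linelen);
    return colon ? (size_t)(colon - line) : (size_t)-1;
}

/* Counts records in a newline-separated buffer whose name is >= threshold
 * bytes. Each hit is described on `report` when it is non-NULL. Blank lines
 * are ignored; lines without ':' are skipped and tallied in *malformed. */
size_t count_long_names(const char *text, size_t threshold, FILE *report, size_t *malformed)
{
    size_t hits = 0, bad = 0, lineno = 0;
    const char *p = text;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t linelen = nl ? (size_t)(nl - p) : strlen(p);
        lineno++;
        if (linelen > 0) {
            size_t n = passwd_name_len(p, linelen);
            if (n == (size_t)-1) {
                bad++;
            } else if (n >= threshold) {
                hits++;
                if (report)
                    fprintf(report, "line %zu: account name is %zu bytes (threshold %zu)\n",
                            lineno, n, threshold);
            }
        }
        p = nl ? nl + 1 : p + linelen;
    }
    if (malformed)
        *malformed = bad;
    return hits;
}

/* Constructed sample for the self-test: a normal account, names of exactly
 * 255, 256 and 300 bytes, and one line that is not a passwd record. */
char *sample_passwd_text(void)
{
    const size_t lens[] = { 255, 256, 300 };
    size_t cap = 2048, used = 0;
    char *buf = malloc(cap);
    if (!buf)
        abort();
    used += (size_t)snprintf(buf + used, cap - used, "root:x:0:0:root:/root:/bin/bash\n");
    for (size_t i = 0; i < 3; i++) {
        memset(buf + used, 'u', lens[i]);
        used += lens[i];
        used += (size_t)snprintf(buf + used, cap - used, ":x:%zu:%zu::/home/u%zu:/bin/sh\n",
                                 1000 + i, 1000 + i, i);
    }
    used += (size_t)snprintf(buf + used, cap - used, "this line has no field separator\n");
    return buf;
}

/* Reads a whole stream into a NUL-terminated buffer. Caller frees. */
char *slurp(FILE *fp)
{
    size_t cap = 4096, used = 0, n;
    char *buf = malloc(cap);
    if (!buf)
        abort();
    while ((n = fread(buf + used, 1, cap - used - 1, fp)) > 0) {
        used += n;
        if (used + 1 >= cap) {
            cap *= 2;
            buf = realloc(buf, cap);
            if (!buf)
                abort();
        }
    }
    buf[used] = '\0';
    return buf;
}

/* With a file argument the file is scanned; without one the constructed
 * sample is scanned. Exit status 1 when any name reaches the threshold. */
int main(int argc, char **argv)
{
    char *text;
    if (argc > 1) {
        FILE *fp = fopen(argv[1], "r");
        if (!fp) { perror(argv[1]); return 2; }
        text = slurp(fp);
        fclose(fp);
    } else {
        text = sample_passwd_text();
    }
    size_t malformed = 0;
    size_t hits = count_long_names(text, DEFAULT_THRESHOLD, stdout, &malformed);
    printf("%zu account name(s) of %d bytes or more, %zu malformed line(s)\n",
           hits, DEFAULT_THRESHOLD, malformed);
    free(text);
    return hits ? 1 : 0;
}
```

To run it against the live account database, save the output of getent passwd to a file and pass that path as the only argument; on the built-in sample it reports the 256-byte and 300-byte names, flags the separator-less line as malformed, and exits 1.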
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2025-12-05T14:18:15.840Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693308e8f88dbe026cf7914e
Added to database: 12/5/2025, 4:31:36 PM
Last enriched: 12/5/2025, 4:47:08 PM
Last updated: 12/11/2025, 6:38:23 AM