
CVE-2025-15504: NULL Pointer Dereference in lief-project LIEF

Severity: Medium
Type: Vulnerability
Published: Sat Jan 10 2026 (01/10/2026, 11:32:06 UTC)
Source: CVE Database V5
Vendor/Project: lief-project
Product: LIEF

Description

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

AI-Powered Analysis

Last updated: 01/10/2026, 11:56:09 UTC

Technical Analysis

CVE-2025-15504 is a vulnerability identified in the LIEF (Library to Instrument Executable Formats) project, specifically affecting versions 0.17.0 and 0.17.1. The flaw resides in the ELF binary parser component, within the Parser::parse_binary function located in src/ELF/Parser.tcc. It manifests as a null pointer dereference when processing crafted ELF binaries, which can cause the application using LIEF to crash or behave unexpectedly. Exploitation requires local access with limited privileges and low attack complexity; it needs no user interaction or elevated privileges. The vulnerability does not compromise confidentiality or integrity but impacts availability by causing denial of service conditions. It carries a CVSS score of 4.8 (Medium), reflecting its limited impact and exploitation complexity. A public exploit has been released, increasing the risk of exploitation in local environments. The issue is patched in LIEF version 0.17.2, with the fix identified by commit 81bd5d7ea0c390563f1c4c017c9019d154802978. Organizations relying on LIEF for ELF binary parsing, such as in malware analysis, reverse engineering, or security tooling, should upgrade promptly to mitigate risks.

Potential Impact

For European organizations, the primary impact is the potential for denial of service on systems utilizing LIEF for ELF binary parsing, which could disrupt security tools, malware analysis platforms, or software development pipelines. Since exploitation requires local access, the threat is mainly to internal systems or environments where untrusted users have local accounts or can execute code. The availability impact could lead to operational delays or interruptions in security monitoring and analysis workflows. There is no direct risk to data confidentiality or integrity from this vulnerability. However, the presence of a public exploit increases the likelihood of opportunistic attacks in environments where LIEF is deployed. Organizations in sectors with high reliance on ELF binary analysis, such as cybersecurity firms, software vendors, and research institutions, may experience more significant operational impacts.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately upgrade LIEF to version 0.17.2 or later, which contains the patch for this null pointer dereference issue. Additionally, restrict local access to systems running LIEF-based tools to trusted users only, minimizing the risk of local exploitation. Implement strict access controls and monitoring on systems where ELF parsing occurs, especially in shared or multi-user environments. Employ application whitelisting and endpoint protection to detect and prevent execution of untrusted ELF binaries that could trigger the vulnerability. Regularly audit and update all dependencies in software development and analysis environments to ensure timely application of security patches. Finally, consider sandboxing or isolating ELF parsing operations to limit the impact of potential crashes or denial of service conditions.
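The upgrade check and the isolation step recommended above can be combined in a small wrapper. This is an added example, not code from LIEF or from this advisory; it assumes LIEF's Python bindings are the consumer, and the function names and the exit code 3 are hypothetical choices made for the illustration.

```python
import re
import subprocess
import sys

FIXED = (0, 17, 2)  # first fixed release according to the advisory

def is_patched(version: str) -> bool:
    """True if a LIEF version string such as '0.17.1-abc123' is >= 0.17.2."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.groups()) >= FIXED

def run_isolated(cmd, timeout=10.0) -> str:
    """Run a parser worker in a child process and classify how it ended."""
    try:
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode < 0:  # POSIX: child was killed by a signal (e.g. SIGSEGV)
        return f"crashed(signal {-proc.returncode})"
    return "ok" if proc.returncode == 0 else f"rejected(exit {proc.returncode})"

def parse_elf_isolated(path: str, timeout=10.0) -> str:
    """Parse one ELF file with LIEF's Python bindings in a throwaway process."""
    # Worker exits 0 when lief.parse() returns a binary, 3 (hypothetical) otherwise.
    worker = ("import sys, lief; "
              "sys.exit(0 if lief.parse(sys.argv[1]) is not None else 3)")
    return run_isolated([sys.executable, "-c", worker, path], timeout)

if __name__ == "__main__":
    try:
        import lief
        print("LIEF", lief.__version__, "patched:", is_patched(lief.__version__))
    except ImportError:
        print("LIEF Python bindings not installed")
    for sample in sys.argv[1:]:
        print(sample, "->", parse_elf_isolated(sample))
```

A `crashed(...)` result on an unpatched host means the parser process died on that file while the calling pipeline kept running; such samples are worth quarantining and logging rather than retrying.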


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-01-09T21:58:56.818Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69623af0545d6fe9686cca16

Added to database: 1/10/2026, 11:41:36 AM

Last enriched: 1/10/2026, 11:56:09 AM

Last updated: 1/11/2026, 1:56:27 AM
