CVE-2025-66864 is a vulnerability discovered in the GNU BinUtils package version 2.26, specifically in the function d_print_comp_inner located in the cp-demangle.c source file. BinUtils is a collection of binary tools widely used in software development and system maintenance, including tools for handling executable files. The vulnerability arises when the affected function processes a crafted PE (Portable Executable) file, a common executable format primarily used on Windows platforms but sometimes analyzed or manipulated on Unix-like systems using BinUtils. The flaw allows an attacker to trigger a denial of service by causing the function to crash or hang, effectively disrupting the availability of the tool or the system using it. The CVSS v3.1 base score is 5.5, indicating a medium severity level. The vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H indicates that the attack requires local access (AV:L), low complexity (AC:L), no privileges (PR:N), but does require user interaction (UI:R). The scope is unchanged (S:U), and the impact is limited to availability (A:H) without affecting confidentiality or integrity. The vulnerability is classified under CWE-20, which relates to improper input validation, suggesting that the crafted PE file exploits insufficient validation or sanitization of input data. No patches or fixes are currently linked, and no known exploits have been reported in the wild. This vulnerability primarily affects environments where BinUtils 2.26 is used to process PE files, such as cross-platform development or reverse engineering scenarios.

For European organizations, the primary impact of CVE-2025-66864 is the potential disruption of development, build, or analysis workflows that rely on BinUtils 2.26. Since the vulnerability leads to denial of service, affected systems or tools may crash or become unresponsive when processing maliciously crafted PE files. This can cause downtime, delay in software development cycles, or interruption in automated build pipelines. Organizations involved in cross-platform software development, security research, or malware analysis that handle PE files on Linux or Unix systems are particularly at risk. Although the vulnerability does not compromise confidentiality or integrity, the availability impact can affect operational continuity and productivity. Critical infrastructure sectors that depend on open source toolchains for software maintenance or deployment could face increased risk of disruption. However, exploitation requires local access and user interaction, which limits remote exploitation and large-scale automated attacks. The absence of known exploits in the wild reduces immediate threat levels but does not eliminate the risk of future exploitation once details become widely known.

European organizations should prioritize upgrading GNU BinUtils to a version where this vulnerability is patched once it becomes available. Until an official patch is released, organizations can mitigate risk by restricting local access to systems running BinUtils 2.26, especially limiting the ability of untrusted users to execute or supply PE files for processing. Implement strict input validation and sandboxing around tools that invoke BinUtils for PE file handling to contain potential crashes and prevent system-wide impact. Incorporate monitoring to detect abnormal crashes or hangs of BinUtils-related processes. For development environments, consider isolating build systems and restricting user interaction that could trigger the vulnerability. Additionally, review and harden user permissions to reduce the likelihood of unauthorized local access. Security teams should maintain awareness of updates from GNU BinUtils maintainers and apply patches promptly. Finally, conduct internal audits to identify all systems using BinUtils 2.26 and assess exposure to crafted PE files.