CVE-2025-69650: n/a
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
AI Analysis
Technical Summary
CVE-2025-69650 identifies a double free vulnerability in the GNU Binutils readelf utility through version 2.46. The vulnerability arises when readelf processes a crafted ELF binary containing malformed relocation data, specifically during the handling of Global Offset Table (GOT) relocations. The function dump_relocations may exit prematurely without initializing the all_relocations array. Consequently, process_got_section_contents() attempts to free an uninitialized r_symbol pointer, resulting in a double free condition. This double free triggers the program to terminate with a SIGABRT signal, causing a denial of service.
Importantly, no evidence indicates that this vulnerability leads to exploitable memory corruption or arbitrary code execution. The vulnerability is classified under CWE-415 (Double Free). Exploitation requires no privileges or user interaction and can be triggered by supplying a malicious ELF file to readelf. The vulnerability's impact is limited to crashing the readelf process, which may disrupt workflows or automated systems relying on this tool.
The issue is disputed by third parties because the problematic behavior was observed only in pre-release code and reportedly does not affect any tagged stable versions. No patches or fixes are currently linked, and no known exploits exist in the wild. The CVSS v3.1 base score is 7.5, reflecting high severity due to network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on availability.
Potential Impact
The primary impact of CVE-2025-69650 is denial of service against the readelf utility within GNU Binutils. Organizations that utilize readelf for ELF binary inspection, debugging, or automated build and analysis pipelines may experience process crashes when processing crafted or malformed ELF files. This could disrupt development workflows, continuous integration systems, or security analysis tools that rely on readelf, potentially delaying operations or causing system instability. Since readelf is widely used in Unix-like environments for ELF file introspection, the vulnerability could affect a broad range of software development and security teams. However, the lack of evidence for memory corruption or code execution limits the risk to availability rather than confidentiality or integrity. No known exploits in the wild reduce immediate risk, but the vulnerability could be leveraged by attackers to cause targeted denial of service in environments where untrusted ELF files are processed automatically. The disputed nature of the vulnerability's presence in stable releases may limit exposure, but organizations should remain cautious. Overall, the impact is significant for availability but does not extend to data breach or system compromise.
Mitigation Recommendations
To mitigate CVE-2025-69650, organizations should first verify the version of GNU Binutils in use and avoid using pre-release or untagged versions of readelf that may contain this vulnerability. Until an official patch is released, consider the following specific measures:
1) Implement input validation or filtering to prevent processing of untrusted or malformed ELF binaries with readelf, especially in automated pipelines.
2) Employ sandboxing or containerization to isolate readelf executions, limiting the impact of potential crashes on the host system.
3) Monitor and restrict access to systems that process ELF files to trusted users and sources to reduce exposure to crafted malicious files.
4) Use alternative ELF inspection tools that are not affected by this vulnerability if immediate mitigation is required.
5) Stay updated with GNU Binutils security advisories and apply patches promptly once available.
6) Incorporate error handling and process monitoring to automatically restart or recover from readelf crashes to maintain workflow continuity.
These targeted mitigations go beyond generic advice by focusing on controlling input sources, isolating vulnerable processes, and maintaining operational resilience.
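One way to apply the isolation and crash-handling measures in an automated pipeline, as an added example that is not part of the original advisory or of Binutils: a POSIX shell wrapper that runs an inspection command under per-process limits, recognizes the SIGABRT exit described above, and sets the offending input aside. `QUARANTINE_DIR`, `classify_status` and `inspect_elf` are names assumed for this sketch, and the limits are process-level only, not a full sandbox.

```shell
#!/bin/sh
# Added example (not OffSeq or Binutils code). QUARANTINE_DIR and the two
# function names are assumptions made for this sketch.
QUARANTINE_DIR="${QUARANTINE_DIR:-./quarantine}"

# classify_status STATUS -> ok | error | abort | signal-N
classify_status() {
    st=$1
    if [ "$st" -eq 0 ]; then echo ok
    elif [ "$st" -eq 134 ]; then echo abort      # 128 + SIGABRT (6)
    elif [ "$st" -gt 128 ]; then echo "signal-$((st - 128))"
    else echo error
    fi
}

# inspect_elf OUT FILE CMD [ARGS...]
# Runs "CMD ARGS FILE" under limits, writes its output to OUT and prints
# the verdict. Returns 0 only for "ok".
# Example call: inspect_elf report.txt sample.o readelf -r
inspect_elf() {
    out=$1; file=$2; shift 2
    rc=0
    (
        ulimit -c 0     # no core file per crashing input
        ulimit -t 10    # CPU-seconds cap for a single file
        exec "$@" "$file" >"$out" 2>&1
    ) || rc=$?
    verdict=$(classify_status "$rc")
    case $verdict in
        abort|signal-*)
            # Keep the input for triage instead of retrying it in a loop.
            mkdir -p "$QUARANTINE_DIR" && cp -- "$file" "$QUARANTINE_DIR/"
            ;;
    esac
    echo "$verdict"
    [ "$verdict" = ok ]
}
```

A caller can branch on the printed verdict to skip the file and continue the batch; container or seccomp isolation would sit around this wrapper rather than replace it.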
Affected Countries
United States, Germany, China, India, United Kingdom, France, Japan, South Korea, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69ab1d6dc48b3f10ffbeb7b1
Added to database: 3/6/2026, 6:31:09 PM
Last enriched: 3/20/2026, 10:38:04 PM
Last updated: 4/20/2026, 3:19:19 PM