
CVE-2025-8845: Stack-based Buffer Overflow in NASM Netwide Assembler

Severity: Medium
Type: Vulnerability
Published: Mon Aug 11 2025 (08/11/2025, 12:02:08 UTC)
Source: CVE Database V5
Vendor/Project: NASM
Product: Netwide Assembler

Description

A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to a stack-based buffer overflow. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 08/11/2025, 12:32:52 UTC

Technical Analysis

CVE-2025-8845 is a stack-based buffer overflow in NASM (Netwide Assembler) version 2.17rc0, located in the assemble_file function of the nasm.c source file. NASM is a widely used assembler for the x86 architecture, commonly employed by developers, security researchers, and in various build environments. The vulnerability arises from improper handling of input data during the assembly process, which allows an attacker to overwrite stack memory. This can lead to undefined behavior, including program crashes or potential code execution.

The attack vector is local: an attacker must have some level of access to the host system to trigger the vulnerability. Exploitation requires no user interaction but does require low privileges (PR:L). The CVSS 4.0 base score is 4.8 (medium), reflecting a local attack vector, low complexity, no user interaction, and limited impact on confidentiality, integrity, and availability. Although the exploit has been publicly disclosed, there are no known exploits in the wild at this time. No official patches or mitigations have been linked yet. Given NASM's role in software development and build pipelines, exploitation could allow an attacker to escalate privileges or execute arbitrary code within the context of the assembler process, potentially compromising build environments or developer workstations.

Potential Impact

For European organizations, the impact of this vulnerability depends largely on the extent to which NASM 2.17rc0 is used within their development or build environments. Organizations involved in software development, embedded systems, or security research that rely on NASM could be at risk. Exploitation could lead to local privilege escalation or arbitrary code execution, potentially allowing attackers to compromise build servers or developer machines. This could result in the insertion of malicious code into software builds, supply chain compromises, or disruption of development workflows. While the attack requires local access and low privileges, insider threats or attackers who have gained initial footholds could leverage this vulnerability to deepen their access. The medium severity score indicates moderate risk, but the potential for supply chain impact elevates concern for organizations with critical software development operations in Europe.

Mitigation Recommendations

1. Immediate mitigation should include auditing all systems for the presence of NASM version 2.17rc0 and restricting access to trusted users only.
2. Employ strict access controls and monitoring on developer and build environments to detect unauthorized local access attempts.
3. Until an official patch is released, consider downgrading to a known secure NASM version or using alternative assemblers if feasible.
4. Implement runtime protections such as stack canaries, address space layout randomization (ASLR), and control flow integrity (CFI) on systems running NASM to reduce exploitation likelihood.
5. Conduct thorough code reviews and integrity checks on build outputs to detect any unauthorized modifications.
6. Educate developers and system administrators about the risk and signs of exploitation to improve early detection.
7. Monitor public vulnerability databases and vendor advisories for patches or further updates related to this CVE.
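
One way to carry out the audit in recommendation 1, as an added example that is not part of the original advisory or of NASM's own tooling. It assumes the first line of `nasm -v` output has the form "NASM version <version> compiled on <date>"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report every NASM binary on a search path and flag the
# affected build. Only `nasm -v` is run against each binary found.
AFFECTED="2.17rc0"   # affected version as stated in the advisory

# Print the version token from `nasm -v`, whose first line is assumed to be
# "NASM version <version> compiled on <date>".
nasm_version() {
    "$1" -v 2>/dev/null </dev/null |
        sed -n 's/^NASM version \([^ ]*\).*/\1/p' | head -n 1
}

# Print each executable file named "nasm" in a colon-separated directory list.
find_nasm() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        [ -n "$dir" ] && [ -f "$dir/nasm" ] && [ -x "$dir/nasm" ] &&
            printf '%s\n' "$dir/nasm"
    done
    IFS=$old_ifs
}

# Print "<status> <version> <path>" per binary; return 1 if any is affected.
audit_nasm() {
    rc=0
    list=$(find_nasm "$1")
    while IFS= read -r bin; do
        [ -n "$bin" ] || continue
        ver=$(nasm_version "$bin")
        if [ "$ver" = "$AFFECTED" ]; then
            echo "AFFECTED $ver $bin"; rc=1
        else
            echo "ok ${ver:-unknown} $bin"
        fi
    done <<EOF
$list
EOF
    return $rc
}

# Audit the current PATH; pass build-tool directories instead as needed.
audit_nasm "$PATH" || echo "NASM $AFFECTED found: restrict access or replace it" >&2
```

Copies of NASM vendored inside toolchains or container images are often not on `PATH`, so pass those directories to `audit_nasm` explicitly.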


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-10T15:56:00.470Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6899df69ad5a09ad002528e3

Added to database: 8/11/2025, 12:17:45 PM

Last enriched: 8/11/2025, 12:32:52 PM

Last updated: 8/11/2025, 1:22:02 PM
