cbcvebase.
CVE-2025-49809
published 2025-07-04

CVE-2025-49809: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may…

PriorityP338high7.8CVSS 3.1
AVLACHPRLUINSCCHIHAH
EPSS
0.14%
3.9th percentile
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.

Affected

4 ranges
VendorProductVersion rangeFixed in
debianmtr
msrcazl3_mtr_0.95-2_on_azure_linux_3.0
msrcazl3_mtr_0.95-3_on_azure_linux_3.0
mtrmtr<= 0.95

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
osv7.8HIGH
vendor_debian7.8LOW
vendor_msrc7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.