CVE-2025-9403Reachable Assertion in JQ

CWE-617Reachable Assertion7 documents7 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 92.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jqlang JQ
Timeline
PublishedAug 25

Description

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDjqlang/jq1.6
CVEListV5jqlang/jq7 versions+6

🔴Vulnerability Details

3
OSV
CVE-2025-9403: A vulnerability was determined in jqlang jq up to 12025-08-25
GHSA
GHSA-45r2-rx5v-q5f6: A vulnerability was determined in jqlang jq up to 12025-08-25
CVEList
jqlang jq JSON jq_test.c run_jq_tests assertion2025-08-25

📋Vendor Advisories

3
Red Hat
jq: assertion failure in run_jq_tests() of the file jq_test.c2025-08-25
Microsoft
jqlang jq JSON jq_test.c run_jq_tests assertion2025-08-12
Debian
CVE-2025-9403: jq - A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function ...2025
CVE-2025-9403 — Reachable Assertion in Jqlang JQ | cvebase