glibc Flaw Lets Hackers Run Code on Millions of Linux Systems
A critical vulnerability in the GNU C Library (glibc) is putting millions of Linux systems at risk of local privilege escalation and arbitrary code execution, according to a security advisory published May 16. Tracked as CVE-2025-4802, the flaw affects glibc versions 2.27 through 2.38 inclusive and stems from improper handling of the LD_LIBRARY_PATH environment variable in statically linked setuid binaries that call dlopen(). Dynamically linked setuid programs are not exposed, because the dynamic loader ignores LD_LIBRARY_PATH when the kernel marks the process as secure (AT_SECURE); the static loader code in affected versions did not apply the same rule, so a static setuid binary that calls dlopen(), directly or indirectly through functions such as setlocale(), iconv_open() or NSS lookups like getaddrinfo(), would search attacker-supplied directories for the library to load.
The vulnerability, introduced in 2017 and patched in version 2.39, lets a local attacker run code with the binary's elevated privileges: because the environment is inherited from the unprivileged caller, the attacker sets LD_LIBRARY_PATH to a directory they control and places there a library with the SONAME the binary will dlopen(). No exploitation in the wild has been reported, and the advisory notes that no affected static setuid binary had been identified at the time of publication, so the risk is concentrated in environments that run legacy or custom statically linked setuid binaries.
Linux distributions including Ubuntu, Debian, and Rocky Linux ship affected versions. Administrators are urged to upgrade to glibc 2.39 or later or apply the vendor backport, to audit systems for setuid and setgid binaries that are statically linked (those without a PT_INTERP program header) and rebuild them against a fixed glibc or link them dynamically, and to confine privileged binaries with SELinux or AppArmor. The flaw carries a CVSS 3.1 score of 9.8, but the only viable exploitation vector described in the glibc advisory is local and requires such a binary to exist, so actual exposure depends on what the audit finds.
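The audit step above is the part administrators have to do themselves, since a package upgrade does not touch binaries that were statically linked elsewhere. The script below is an added example, not code from the advisory or the glibc project: it walks a tree, keeps only setuid/setgid regular files, parses each one's ELF program headers, and reports those without a PT_INTERP entry, which is what makes a binary static rather than dynamically linked (and so the class of binary this flaw concerns). The extra "glibc marker" check, which looks for the literal LD_LIBRARY_PATH string that glibc's static loader code embeds, is an assumed heuristic for separating static glibc binaries from static binaries built with other runtimes, not something the advisory specifies; the ELF fixtures are constructed in the script and are not real executables.

```python
"""Audit a tree for the binaries CVE-2025-4802 concerns: setuid/setgid executables
that are statically linked (no PT_INTERP), with a heuristic static-glibc flag.
Added example, not from the advisory or glibc; marker and fixtures are assumptions."""
import os
import shutil
import stat
import struct
import sys
import tempfile
from collections import namedtuple

ELF_MAGIC, ELFCLASS64, ELFDATA2LSB = b"\x7fELF", 2, 1
PT_LOAD, PT_INTERP = 1, 3
# Assumed heuristic: static glibc embeds the env-var name used by its static
# loader's search-path setup; static binaries on other runtimes usually do not.
GLIBC_MARKER = b"LD_LIBRARY_PATH"

Finding = namedtuple("Finding", "path static glibc_marker")


def program_header_types(data: bytes):
    """p_type of each program header in a little-endian ELF32/ELF64 image, or
    None when the bytes are not parseable ELF (big-endian is out of scope here)."""
    if len(data) < 52 or data[:4] != ELF_MAGIC or data[5] != ELFDATA2LSB:
        return None
    if data[4] == ELFCLASS64:
        (e_phoff,) = struct.unpack_from("<Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from("<I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
    types = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break  # truncated header table: report what is there
        types.append(struct.unpack_from("<I", data, off)[0])
    return types


def is_static_elf(data: bytes):
    """True if static, False if dynamic, None if not ELF. A dynamically linked
    executable always has PT_INTERP (naming ld.so); no PT_INTERP means static,
    static-pie included, which still uses the static glibc."""
    types = program_header_types(data)
    return None if types is None else PT_INTERP not in types


def audit_tree(root: str):
    """Every setuid/setgid regular file under root that parses as ELF."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or vanished: skip, do not abort the audit
            static = is_static_elf(data)
            if static is None:
                continue  # setuid scripts and other non-ELF files are a separate problem
            findings.append(Finding(path, static, GLIBC_MARKER in data))
    return findings


def static_setuid_candidates(root: str):
    """What to review or rebuild: privileged, static, and likely glibc."""
    return [f for f in audit_tree(root) if f.static and f.glibc_marker]


def build_sample_elf(dynamic: bool, glibc_marker: bool = True) -> bytes:
    """Constructed fixture: minimal, non-runnable ELF64 bytes with just enough
    header structure for program_header_types(); not a real binary."""
    ptypes = [PT_LOAD] + ([PT_INTERP] if dynamic else [])
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\0" * 8
    # e_type, e_machine, e_version, e_entry, e_phoff=64, e_shoff, e_flags,
    # e_ehsize=64, e_phentsize=56, e_phnum, e_shentsize, e_shnum, e_shstrndx
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    return header + phdrs + (b"\0" + GLIBC_MARKER + b"\0" if glibc_marker else b"\0")


def demo_on_constructed_tree():
    """Audit a temp tree of constructed fixtures; returns (findings, candidate names)."""
    root = tempfile.mkdtemp(prefix="cve-2025-4802-audit-")
    fixtures = {
        "static_suid": (build_sample_elf(dynamic=False), 0o4755),
        "dynamic_suid": (build_sample_elf(dynamic=True), 0o4755),
        "static_nosuid": (build_sample_elf(dynamic=False), 0o755),
        "nonglibc_static_suid": (build_sample_elf(dynamic=False, glibc_marker=False), 0o4755),
    }
    for name, (data, mode) in fixtures.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)  # after the write: a non-root write clears the setuid bit
    findings = sorted((os.path.basename(f.path), f.static, f.glibc_marker) for f in audit_tree(root))
    candidates = sorted(os.path.basename(f.path) for f in static_setuid_candidates(root))
    shutil.rmtree(root, ignore_errors=True)
    return findings, candidates


if __name__ == "__main__":
    for f in static_setuid_candidates(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"REVIEW {f.path}: static setuid/setgid binary with glibc marker")
```

Run it as root over the directories that hold privileged binaries (/usr, /opt, /usr/local, and any vendor install paths). A hit is not proof of exploitability, only that the binary is static, privileged, and apparently glibc-based; what matters is whether it calls dlopen(), directly or through setlocale(), iconv or NSS, and which glibc it was built against, and since a distribution backport keeps the 2.3x version number while carrying the fix, the build source rather than the version string decides that. Static setuid binaries whose marker check is negative are worth a look anyway, since the heuristic can miss a stripped or unusually built binary.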
