{
  "threat_severity" : "Important",
  "public_date" : "2025-07-04T00:00:00Z",
  "bugzilla" : {
    "description" : "mtr: From CVEorg collector",
    "id" : "2376353",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2376353"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-829",
  "details" : [ "mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.", "A possible privilege escalation flaw was found in the MTR networking tool. This issue occurs in rare cases when the package is configured to run with sudo rules instead of setuid and stems from its improper handling in the execution of a program specified by the MTR_PACKET environment variable." ],
  "statement" : "The condition to exploit this vulnerability is not the default behavior on Linux systems and should rarely occur.\nIn Red Hat Enterprise Linux (RHEL), mtr does not rely on sudo or setuid for privilege elevation. Instead, RHEL uses file system capabilities (cap_net_raw+ep) on the mtr-packet binary to grant the necessary privileges securely without requiring full root access. As a result, the vulnerable execution path (such as /etc/mtr.is.run.under.sudo) is not used in RHEL, rendering the exploit path non-functional in this environment. There is no need for custom sudo rules for mtr, which is the only configuration impacted by the reported issue.\nFor more details see discussion upstream, https://github.com/traviscross/mtr/issues/541.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "mtr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mtr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "mtr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "mtr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "mtr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-49809\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-49809\nhttps://github.com/Homebrew/homebrew-core/issues/35085\nhttps://github.com/traviscross/mtr/blob/master/SECURITY\nhttps://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6" ],
  "name" : "CVE-2025-49809",
  "mitigation" : {
    "value" : "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}