CVE-2025-9403

Summary

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

Affected Software

VendorProductVersion RangeStatus
jqlangjq1.0affected
jqlangjq1.1affected
jqlangjq1.2affected
jqlangjq1.3affected
jqlangjq1.4affected
jqlangjq1.5affected
jqlangjq1.6affected

Weaknesses

  • CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References