CVERadar

CVE-2025-31160

Medium Severity
SVRS: 38/100
CVSSv3: 2.9/10
EPSS: 0.0002/1

CVE-2025-31160 allows local users to cause a denial of service, or possibly have other unspecified impact, on systems running atop 2.11.0 and earlier. The vulnerability arises when an unprivileged process run by one user interacts with an atop instance running under a different user. The low CVSS score (2.9) belies the potential impact. However, SOCRadar's Vulnerability Risk Score (SVRS) of 38 suggests a lower immediate risk than for other vulnerabilities: action should be taken, but not as urgently as for vulnerabilities with scores above 80. While the denial of service may seem minor, the possibility of "unspecified other impact" could lead to more serious issues. Organizations using atop should consider upgrading to a patched version or implementing workarounds to mitigate the risk. Although threat actor involvement appears low given the SVRS score, the "In The Wild" tag indicates potential for exploitation.

In The Wild
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
2025-03-26

2025-03-31

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2025-31160 Atop 2.11 heap problems
2025-03-29
Posted by Gerlof Langeveld on Mar 29. Introduction: Atop mainly reads the system level and process level from the /proc and /sys directories. However, certain counters might be obtained from other optional sources, that have to be activated explicitly. One of these sources is the 'atopgpud' daemon, which permanently gathers metrics about the utilization of GPUs. It offers a local TCP port to which
seclists.org

CVE-2025-31160 Atop 2.11 heap problems
2025-03-29
ycombinator.com

CVE-2025-31160 | atop up to 2.11.0 assertion
2025-03-27
A vulnerability, which was classified as problematic, has been found in atop up to 2.11.0. Affected by this issue is some unknown functionality. The manipulation leads to reachable assertion. This vulnerability is handled as CVE-2025-31160. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com

Re: atop: Heap corruption
2025-03-26
Posted by Alan Coopersmith on Mar 26. CVE-2025-31160 appears to have been issued by Mitre to track this: https://www.cve.org/CVERecord?id=CVE-2025-31160 but only listing the above blog and the ycombinator threads for details.
seclists.org

Social Media

@mr_dinfo @bearstech Atop is a performance monitoring tool for Linux, valued for monitoring CPU, memory, disk and network, with an essential recording feature. However, a heap corruption problem (possibly CVE-2025-31160) allows unauthorized code execution if

CVE-2025-31160 Atop 2.11 heap problems https://t.co/s6n43tZeMm (https://t.co/2PkiNLzDtR)

CVE-2025-31160 Atop 2.11 heap problems via /r/hackernews https://t.co/RoYeGZG6eI

Security alert! A vulnerability has been discovered in Atop 2.11. Update now to protect your data! #CVE-2025-31160 #Atop #Seguridad

CVE-2025-31160 Atop 2.11 heap problems https://t.co/MnMXba1bMU (https://t.co/iXPzLShN8q)

CVE-2025-31160 Atop 2.11 heap problems https://t.co/JMEUHOKupb

@solardiz CVE-2025-31160: Atop 2.11 heap problems https://t.co/eO9idXXilV atop always tries to connect to the TCP port of 'atopgpud' during initialization. When another local program has been started (instead of 'atopgpud') that listens to this TCP port, atop connects to that program.

CVE-2025-31160 Atop 2.11 heap problems https://t.co/POcOLQolx7 4

CVE-2025-31160 atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by runnin… https://t.co/qQ47Jf9XuG

Affected Software

No affected software found for this CVE

References

Reference | Link
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/03/26/3
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/03/27/1
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/03/27/2
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/03/27/3
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/03/29/1
[email protected] | https://github.com/Atoptool/atop
[email protected] | https://news.ycombinator.com/item?id=43477057
[email protected] | https://news.ycombinator.com/item?id=43485980
[email protected] | https://rachelbythebay.com/w/2025/03/26/atop/
[email protected] | https://blog.bismuth.sh/blog/bismuth-found-the-atop-bug

CWE Details

CWE ID | CWE Name | Description
CWE-617 | Reachable Assertion | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
