CMake Assertion Failure Vulnerability in ForEach Command Processing

Vulnerability

An assertion failure vulnerability has been identified in CMake version 4.1.20250725-gb5cce23 and potentially other recent 4.x versions. The issue arises in the 'cmForEachFunctionBlocker::ReplayItems' function within 'cmForEachCommand.cxx'. When CMake processes a malformed foreach construct, an assertion on the number of iteration variables fails and the process aborts, resulting in a denial-of-service condition. The vulnerability can be exploited locally by having CMake process a specially crafted CMakeLists.txt file that triggers the assertion failure.

Impact

Exploitation of this vulnerability causes CMake to crash, terminating the process and creating a denial-of-service condition. The program aborts due to an assertion failure, which can disrupt build processes that rely on CMake.

Reproduction

To reproduce this vulnerability, compile CMake with debug assertions enabled or use the provided binary. Then, execute CMake with the '-P' option followed by a script that contains a foreach loop with a trailing 'IN', which will trigger the assertion failure. The program will crash with an assertion error, indicating that the expected number of iteration variables was not met.

Remediation

Users are advised to update to CMake version 4.2.0 or later, where this vulnerability has been fixed.
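
The following check is an added example, not code from the CMake project or from this advisory. It compares a CMake version string against the fixed release named above and flags foreach() invocations whose last argument is a bare 'IN', the pattern described under Reproduction. The function names, the regular-expression heuristic and the sample input are assumptions made for illustration.

```python
import re

FIXED = (4, 2, 0)  # first fixed release according to the advisory

# A foreach( ... ) invocation; arguments may span several lines.
FOREACH_RE = re.compile(r"\bforeach\s*\(([^()]*)\)", re.IGNORECASE)
# Line comments only; bracket comments and '#' inside quotes are not handled.
COMMENT_RE = re.compile(r"#[^\n]*")

# Constructed sample input for the scanner (not taken from the advisory).
SAMPLE = """\
# constructed sample
foreach(item IN LISTS sources)
endforeach()
FOREACH(a b
        IN)   # trailing IN
endforeach()
foreach(x IN ITEMS 1 2) # foreach(y IN)
endforeach()
"""


def version_is_fixed(version: str) -> bool:
    """True if a CMake version string is 4.2.0 or later."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in m.groups()) >= FIXED


def find_trailing_in(text: str) -> list[tuple[int, str]]:
    """Return (line, invocation) for each foreach() whose last argument is IN."""
    # Blank out comments with spaces so line numbers stay correct.
    text = COMMENT_RE.sub(lambda m: " " * len(m.group()), text)
    hits = []
    for m in FOREACH_RE.finditer(text):
        args = m.group(1).split()
        # A lone 'IN' is an ordinary loop-variable name, so require >= 2 args.
        if len(args) >= 2 and args[-1] == "IN":
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, " ".join(m.group(0).split())))
    return hits


if __name__ == "__main__":
    print(version_is_fixed("4.1.20250725-gb5cce23"))
    for line, call in find_trailing_in(SAMPLE):
        print(f"line {line}: {call}")
```

The scan is a heuristic for reviewing untrusted CMake files in a build pipeline that cannot yet be updated; it does not replace moving to 4.2.0 or later.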

Added: Aug 21, 2025, 2:18 PM
Updated: Aug 21, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.