CVE-2025-1378

A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545	Patch
https://github.com/radareorg/radare2/issues/23953	Exploit Issue Tracking Vendor Advisory
https://github.com/radareorg/radare2/issues/23953#issue-2844325926	Exploit Issue Tracking Vendor Advisory
https://github.com/radareorg/radare2/milestone/86	Release Notes
https://vuldb.com/?ctiid.295986	Permissions Required VDB Entry
https://vuldb.com/?id.295986	Third Party Advisory VDB Entry
https://vuldb.com/?submit.498499	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:radare:radare2:5.9.9:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-02-17 06:15

Updated : 2025-06-23 14:37

NVD link : CVE-2025-1378

Mitre link : CVE-2025-1378

CVE.ORG link : CVE-2025-1378

JSON object : View

Products Affected

radare

radare2

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2025-1378", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-17T06:15:13.277", "references": [{"url": "https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/radareorg/radare2/issues/23953", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/radareorg/radare2/issues/23953#issue-2844325926", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/radareorg/radare2/milestone/86", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.295986", "tags": ["Permissions Required", "VDB Entry"], "source": "[email protected]"}, {"url": "https://vuldb.com/?id.295986", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.498499", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en radare2 5.9.9 33286. Se trata de una funci\u00f3n desconocida en la librer\u00eda /libr/main/rasm2.c del componente rasm2. La manipulaci\u00f3n provoca la corrupci\u00f3n de la memoria. El ataque debe realizarse de forma local. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 6.0.0 puede solucionar este problema. El parche se identifica como c6c772d2eab692ce7ada5a4227afd50c355ad545. Se recomienda actualizar el componente afectado."}], "lastModified": "2025-06-23T14:37:28.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:radare:radare2:5.9.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE116081-11B9-4F5B-B0A1-62B6FAEAC449"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}