CVE-2025-1864 — Vulnetix

CVE-2025-1864 PUBLISHED CVSS 10 CRITICAL

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.

EPSS 0.37% · 59.0th percentile

Risk Scores

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Score

0.37%

59.0th percentile

Affected Products

Vendor	Product	Versions
radareorg	radare2	0
radare	radare2	0

Exploit Intelligence

CIRCL seen: CVE-2025-1864 (circl-sighting)
CIRCL seen: CVE-2025-1864 (circl-sighting)
CIRCL seen: CVE-2025-1864 (circl-sighting)
CIRCL seen: CVE-2025-1864 (circl-sighting)
https://github.com/radareorg/radare2/pull/23981 (circl)

Timeline

Mar 3, 2025 CVE ID Reserved
Mar 3, 2025 CVE Published
Mar 3, 2025 PoC Published
Mar 3, 2025 PoC Published
Mar 3, 2025 CVE Updated
Mar 3, 2025 PoC Published
Mar 4, 2025 EPSS Score
Mar 5, 2025 Coalition ESS Score
Mar 18, 2025 EPSS Score
Apr 1, 2025 EPSS Score
Apr 15, 2025 EPSS Score
Apr 28, 2025 EPSS Score

References

Open in Interactive Console →