CVE-2025-58050 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-58050 PUBLISHED CVSS 6.900000095367432 MEDIUM

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.

EPSS 0.03% · 10.3th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L

EPSS Score

0.03%

10.3th percentile

Affected Products

Vendor	Product	Versions
pcre	pcre2	10.45
PCRE2Project	pcre2	= 10.45

Timeline

Jan 21, 1970 Security Advisory
Aug 27, 2025 Coalition ESS Score
Aug 27, 2025 Coalition ESS Score
Aug 27, 2025 CVE Published
Aug 28, 2025 EPSS Score
Sep 1, 2025 Coalition ESS Score
Sep 4, 2025 EPSS Score
Sep 9, 2025 Coalition ESS Score
Sep 11, 2025 EPSS Score
Sep 19, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 EPSS Score

References

Open in Interactive Console →