Memory Corruption in Radare2 Affects Multiple Versions
CVE-2025-5645
Key Information:
Badges
What is CVE-2025-5645?
A vulnerability has been discovered in Radare2 version 5.9.9, specifically affecting the functionality of the radiff2 component in the r_cons_pal_init function. This issue arises from manipulations of the argument -T, leading to potential memory corruption instances. The exploitation of this vulnerability requires local access and possesses a high complexity level, making successful attacks challenging. Although the exploit has been publicly disclosed, evidence regarding its real-world exploitation remains inconclusive. The affected parameter -T is flagged as experimental, further complicating usage. It is advisable to apply the patch identified by the commit 5705d99cc1f23f36f9a84aab26d1724010b97798 to mitigate this vulnerability effectively.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Radare2 5.9.9
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved