NULL Pointer Dereference Vulnerability in radare2 by radareorg
CVE-2025-63745

5.5 MEDIUM

Key Information:

Vendor: radareorg

Status
Vendor
CVE Published: 14 November 2025

What is CVE-2025-63745?

A NULL pointer dereference vulnerability exists in radare2 versions 6.0.5 and earlier, specifically within the info() function of bin_ne.c. When a crafted binary input is processed, it can trigger a segmentation fault, leading to a denial of service condition. This vulnerability arises from the application's improper handling of malformed data, which may allow attackers to disrupt the normal operation of the software.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
