Cyber Resilience

CVE-2017-20225

Critical · Public PoC

Published: 28 March 2026

Modified: 08 April 2026
KEV Added
Patch
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0080 (51.7th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2017-20225 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Ticalc Tiemu. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 48.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

TiEmu versions 2.08 and prior are affected by CVE-2017-20225, a stack-based buffer overflow vulnerability stemming from inadequate boundary checks on user-supplied input. This flaw, classified under CWE-787, enables attackers to execute arbitrary code within the application's context. The vulnerability arises specifically from processing command-line arguments passed to the TiEmu emulator, a tool for emulating Texas Instruments calculators.

Remote attackers can exploit this vulnerability without privileges or user interaction, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By supplying specially crafted command-line arguments, an attacker triggers the buffer overflow, leveraging return-oriented programming (ROP) gadgets to bypass protections and execute shellcode. Successful exploitation has a high impact on confidentiality, integrity, and availability within the application's execution environment.

Advisories and related resources provide further details on the issue: the TiEmu project page at http://lpg.ticalc.org/prj_tiemu/, an Exploit-DB proof-of-concept at https://www.exploit-db.com/exploits/42087, and a VulnCheck advisory at https://www.vulncheck.com/advisories/tiemu-stack-based-buffer-overflow-vulnerability. Security practitioners should consult these for any guidance on patches or workarounds, as TiEmu is an older project with potential for unpatched deployments.

EU & UK References

Vulnerability details

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in command-line argument processing enables remote arbitrary code execution (AV:N) in the application context without authentication or user interaction, directly mapping to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27807 · Shared CWE-787
CVE-2024-48856 · Shared CWE-787
CVE-2025-14234 · Shared CWE-787
CVE-2018-25223 · Shared CWE-787
CVE-2018-25154 · Shared CWE-787
CVE-2024-57704 · Shared CWE-787
CVE-2025-29384 · Shared CWE-787
CVE-2024-12648 · Shared CWE-787
CVE-2025-30276 · Shared CWE-787
CVE-2025-25746 · Shared CWE-787

Affected Assets

ticalc · tiemu · ≤ 2.0.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly enforces boundary checks and validation on user-supplied command-line inputs to prevent stack-based buffer overflows.

Prevent: Implements memory safeguards like stack canaries, ASLR, and DEP to protect against arbitrary code execution from stack overflows even if input validation fails.

Prevent: Requires timely identification, reporting, and remediation of flaws like this buffer overflow vulnerability through patching or replacement of affected TiEmu versions.

References