Cyber Resilience

CVE-2025-0662

Medium

Published: 30 January 2025

Published
30 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0010 27.3th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0662 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Freebsd (inferred from references). Its CVSS base score is 4.9 (Medium).

Operationally, ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full…

more

size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Freebsd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References