Cyber Posture

CVE-2025-13151

High

Published: 07 January 2026

Modified: 02 February 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: 08 January 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0008 (23.5th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-13151 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in GNU libtasn1. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A stack buffer overflow in a network-reachable library directly enables a remote application or system crash, i.e. denial of service through exploitation (CWE-787; the CVSS vector scores only Availability as High, A:H).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Deeper analysis (AI)

CVE-2025-13151 is a stack-based buffer overflow vulnerability (CWE-787) in libtasn1 version 4.20.0. The flaw resides in the asn1_expend_octet_string function, which fails to validate the size of input data, resulting in a buffer overflow. This affects the libtasn1 library, a component used for ASN.1 structure management and commonly integrated into projects like GnuTLS.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, and lack of requirements for privileges or user interaction. Remote, unauthenticated attackers can exploit it over the network to trigger a denial-of-service condition, such as crashing affected applications, with no impact on confidentiality or integrity.

Advisories and patches are referenced in the libtasn1 GitLab repository and merge request 121, which likely contains the fix. Further details appear in the oss-security mailing list post from January 8, 2026, and CERT vulnerability note 271649. Security practitioners should review these sources for patching instructions and verify updates in dependent software.

Details

CWE(s)

CWE-787 (Out-of-bounds Write)

Affected Products

Vendor: gnu · Product: libtasn1 · Version: 4.20.0

CVEs Like This One

CVE-2025-15281 (same vendor: Gnu)
CVE-2025-69649 (same vendor: Gnu)
CVE-2026-4046 (same vendor: Gnu)
CVE-2026-4437 (same vendor: Gnu)
CVE-2026-5435 (same vendor: Gnu)
CVE-2025-69650 (same vendor: Gnu)
CVE-2025-1125 (same vendor: Gnu)
CVE-2026-5450 (same vendor: Gnu)
CVE-2026-6069 (shared CWE-787)
CVE-2025-25372 (shared CWE-787)

References