Cyber Resilience

CVE-2025-1744

Critical

Published: 28 February 2025
Modified: 01 July 2025
CVSS Score v4: 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0045 (64.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1744 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Radare Radare2. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 35.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-1744 is an out-of-bounds write vulnerability in radareorg radare2 that allows heap-based buffer over-read or buffer overflow. The issue affects radare2 versions before 5.9.9 and is classified under CWE-787.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability can be exploited remotely by an unauthenticated attacker with low complexity and no user interaction. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary heap memory read or write operations.

The vulnerability is addressed via a patch in the GitHub pull request at https://github.com/radareorg/radare2/pull/23969. Affected users should update to radare2 version 5.9.9 or later to mitigate the issue.

Vulnerability details

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow. This issue affects radare2: before 5.9.9.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow in radare2 enables client-side exploitation via a malicious input file or data.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8696 (Same product: Radare Radare2)
CVE-2026-8695 (Same product: Radare Radare2)
CVE-2026-40499 (Same product: Radare Radare2)
CVE-2026-40517 (Same product: Radare Radare2)
CVE-2026-6941 (Same product: Radare Radare2)
CVE-2025-1864 (Same product: Radare Radare2)
CVE-2026-6940 (Same product: Radare Radare2)
CVE-2026-40527 (Same product: Radare Radare2)
CVE-2025-21042 (Shared CWE-787)
CVE-2026-0122 (Shared CWE-787)

Affected Assets

radare radare2, versions ≤ 5.9.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires identification, reporting, and timely correction of flaws like the heap-based buffer overflow in radare2 versions before 5.9.9 via patching.

prevent

Implements memory protections such as non-executable heap and address space randomization to mitigate exploitation of out-of-bounds writes and overflows.

detect

Enables scanning and monitoring to identify deployments of vulnerable radare2 versions affected by CVE-2025-1744 for remediation.
