Cyber Posture

CVE-2025-1788

Medium · Public PoC

Published: 01 March 2025
Modified: 25 August 2025
KEV Added: (not listed)
Patch:
CVSS Score: 5.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0003 (8.9th percentile)
Risk Priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1788 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Rizin Rizin. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 8.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

- prevent (SI-2, Flaw Remediation): Mandates timely identification, reporting, and remediation of critical flaws like this heap-based buffer overflow through patching, directly addressing the available fix in rizin pull request #4762.

- prevent (SI-16, Memory Protection): Implements memory protection mechanisms such as address space layout randomization and data execution prevention to block exploitation of heap buffer overflows even in unpatched versions.

- prevent: Requires validation of input format, length, and type to the rz_utf8_encode function, mitigating manipulation that triggers the heap-based buffer overflow.

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Local heap buffer overflow in rizin binary analysis tool enables privilege escalation via crafted input (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Deeper analysis · AI

CVE-2025-1788 is a heap-based buffer overflow vulnerability affecting the rz_utf8_encode function in the source file /librz/util/utf8.c of rizinorg rizin versions up to 0.8.0. Classified as critical by the original disclosure, it maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-122 (Heap-based Buffer Overflow). The issue was published on 2025-03-01.

Exploitation requires local access with low privileges and low attack complexity (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, base score 5.3). A local attacker can manipulate input to the affected function, triggering the heap-based buffer overflow and achieving limited impacts on confidentiality, integrity, and availability.

Mitigation is available via a patch in the rizinorg/rizin pull request #4762, as referenced in GitHub issue #4910. A proof-of-concept exploit has been publicly disclosed, including a ZIP file (rz-bin-poc-01.zip) attached to the issue, and may be used by attackers. Additional details are available on vuldb.com/?ctiid.298011.
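To make the input-validation and memory-safety controls above concrete, here is an added example of the defensive shape a UTF-8 encoder needs. It is hypothetical code written for this page, not rizin's rz_utf8_encode and not the fix from pull request #4762; the actual mechanics of the rizin bug are not described here. The function names utf8_encode_checked and utf8_encode_all are assumptions. The point it demonstrates: an encoder that takes the output buffer's capacity as a parameter, rejects non-scalar code points, and refuses to write when the encoding would not fit, so an undersized heap allocation by the caller yields an error return instead of a heap overflow.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bounds-checked UTF-8 encoder (not rizin's rz_utf8_encode).
 * Encodes one Unicode scalar value into `out`, never writing past `cap` bytes.
 * Returns the number of bytes written, or 0 if the code point is invalid
 * (UTF-16 surrogate or above U+10FFFF) or `cap` is too small for the encoding. */
size_t utf8_encode_checked(uint32_t cp, uint8_t *out, size_t cap) {
    size_t need;
    if (cp < 0x80) {
        need = 1;
    } else if (cp < 0x800) {
        need = 2;
    } else if (cp < 0x10000) {
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0; /* surrogate: not a scalar value */
        need = 3;
    } else if (cp <= 0x10FFFF) {
        need = 4;
    } else {
        return 0; /* outside the Unicode range */
    }

    /* The check that prevents the overflow: the required length is known
     * before any byte is written, and it is compared against the capacity
     * the caller actually allocated. */
    if (out == NULL || cap < need) return 0;

    switch (need) {
    case 1:
        out[0] = (uint8_t)cp;
        break;
    case 2:
        out[0] = (uint8_t)(0xC0 | (cp >> 6));
        out[1] = (uint8_t)(0x80 | (cp & 0x3F));
        break;
    case 3:
        out[0] = (uint8_t)(0xE0 | (cp >> 12));
        out[1] = (uint8_t)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (uint8_t)(0x80 | (cp & 0x3F));
        break;
    default: /* 4 */
        out[0] = (uint8_t)(0xF0 | (cp >> 18));
        out[1] = (uint8_t)(0x80 | ((cp >> 12) & 0x3F));
        out[2] = (uint8_t)(0x80 | ((cp >> 6) & 0x3F));
        out[3] = (uint8_t)(0x80 | (cp & 0x3F));
        break;
    }
    return need;
}

/* Encodes an array of code points into a caller-sized buffer (heap or stack),
 * stopping cleanly instead of overrunning. Returns the total bytes written, or
 * (size_t)-1 if the buffer was too small or an input code point was invalid.
 * A caller that sized the buffer as "one byte per code point" gets an error
 * here rather than a corrupted heap. */
size_t utf8_encode_all(const uint32_t *cps, size_t n, uint8_t *out, size_t cap) {
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t w = utf8_encode_checked(cps[i], out + used, cap - used);
        if (w == 0) return (size_t)-1;
        used += w;
    }
    return used;
}
```

The design choice worth noting is that the length computation is separated from the writes: the encoder decides how many bytes it needs, checks that against the remaining capacity, and only then touches the buffer. Any encoder that computes the length and writes in the same pass, or that assumes the caller allocated four bytes per code point, has no such guard.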

Details

CWE(s): CWE-119, CWE-122

Affected Products

rizin (vendor) · rizin (product) · ≤ 0.8.0

CVEs Like This One

- CVE-2025-1786 (same product: Rizin Rizin)
- CVE-2026-3147 (shared CWE-119, CWE-122)
- CVE-2025-7208 (shared CWE-119, CWE-122)
- CVE-2026-25205 (shared CWE-122)
- CVE-2025-54910 (shared CWE-122)
- CVE-2026-20840 (shared CWE-122)
- CVE-2026-3145 (shared CWE-119)
- CVE-2026-20700 (shared CWE-119)
- CVE-2026-20864 (shared CWE-122)
- CVE-2026-20922 (shared CWE-122)
