
CVE-2025-1788

Severity: Medium · Public PoC

Published: 01 March 2025
Modified: 25 August 2025
KEV Added: not listed
Patch: available
CVSS Score (v4): 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0003 (percentile 9.3)
Risk Priority: 10 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1788 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Rizin (vendor: Rizin). Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at percentile 9.3 by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1788 is a heap-based buffer overflow vulnerability affecting the rz_utf8_encode function in the /librz/util/utf8.c library of rizinorg rizin versions up to 0.8.0. Classified as critical, it maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-122 (Heap-based Buffer Overflow). The issue was published on 2025-03-01.

Exploitation requires local access with low privileges and low attack complexity (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, base score 5.3). A local attacker can manipulate input to the affected function, triggering the heap-based buffer overflow and achieving limited impacts on confidentiality, integrity, and availability.

Mitigation is available via a patch in the rizinorg/rizin pull request #4762, as referenced in GitHub issue #4910. A proof-of-concept exploit has been publicly disclosed, including a ZIP file (rz-bin-poc-01.zip) attached to the issue, and may be used by attackers. Additional details are available on vuldb.com/?ctiid.298011.


Vulnerability details

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local heap buffer overflow in rizin binary analysis tool enables privilege escalation via crafted input (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1786: same product (Rizin Rizin)
CVE-2024-45421: shared CWE-119, CWE-122
CVE-2025-7208: shared CWE-119, CWE-122
CVE-2026-3147: shared CWE-119, CWE-122
CVE-2026-26180: shared CWE-122
CVE-2026-20922: shared CWE-122
CVE-2024-47796: shared CWE-119
CVE-2026-20820: shared CWE-122
CVE-2025-54910: shared CWE-122
CVE-2026-20700: shared CWE-119

Affected Assets

Vendor: rizin
Product: rizin
Versions: ≤ 0.8.0

Mitigating Controls

NIST 800-53 r5 (AI-generated mapping)

prevent: Mandates timely identification, reporting, and remediation of critical flaws like this heap-based buffer overflow through patching, directly addressing the available fix in rizin pull request #4762.

prevent: Implements memory protection mechanisms such as address space layout randomization and data execution prevention to block exploitation of heap buffer overflows even in unpatched versions.

prevent: Requires validation of input format, length, and type to the rz_utf8_encode function, mitigating manipulation that triggers the heap-based buffer overflow.
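As an added illustration of the length-validation control above (example code written for this page, not rizin's rz_utf8_encode or its patch), the following hypothetical encoder checks the caller's buffer size before every write, which is the check whose absence turns an encoder into a heap-based buffer overflow; all function names and the sample code points are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical bounds-checked encoder; not rizin's rz_utf8_encode. Writes the
 * UTF-8 form of `cp` into `out` only when `out_len` bytes are available and
 * returns the byte count, or 0 for an invalid code point or a too-small
 * buffer, so a caller can never overrun its heap allocation. */
size_t utf8_encode_checked(uint32_t cp, uint8_t *out, size_t out_len) {
    size_t need;
    if (cp < 0x80)           need = 1;
    else if (cp < 0x800)     need = 2;
    else if (cp < 0x10000)   need = 3;
    else if (cp <= 0x10FFFF) need = 4;
    else return 0;                               /* beyond Unicode range */
    if (cp >= 0xD800 && cp <= 0xDFFF) return 0;  /* UTF-16 surrogates */
    if (out == NULL || out_len < need) return 0; /* the length check */
    switch (need) {
    case 1: out[0] = (uint8_t)cp; break;
    case 2: out[0] = (uint8_t)(0xC0 | (cp >> 6)); break;
    case 3: out[0] = (uint8_t)(0xE0 | (cp >> 12)); break;
    default: out[0] = (uint8_t)(0xF0 | (cp >> 18)); break;
    }
    for (size_t i = 1; i < need; i++)            /* continuation bytes */
        out[i] = (uint8_t)(0x80 | ((cp >> (6 * (need - 1 - i))) & 0x3F));
    return need;
}

/* Encodes a whole code-point array into a fixed-size buffer, stopping cleanly
 * instead of overflowing. Returns bytes produced, or (size_t)-1 on failure. */
size_t utf8_encode_all(const uint32_t *cps, size_t n, uint8_t *out, size_t out_len) {
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t w = utf8_encode_checked(cps[i], out + used, out_len - used);
        if (w == 0) return (size_t)-1;           /* invalid or did not fit */
        used += w;
    }
    return used;
}

/* Check helper: 1 if encoding `cp` into `out_len` bytes yields exactly `expected`. */
int utf8_encode_matches(uint32_t cp, size_t out_len, const char *expected) {
    uint8_t buf[4] = {0};
    size_t n = utf8_encode_checked(cp, buf, out_len > 4 ? 4 : out_len);
    return n == strlen(expected) && memcmp(buf, expected, n) == 0;
}
```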

References