Cyber Resilience

CVE-2025-1864

Critical

Published: 03 March 2025

Published
03 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score v4 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0037 59.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1864 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Radare Radare2. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1864 is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg's radare2 reverse engineering framework, enabling buffer overflows. This issue affects radare2 versions prior to 5.9.9 and is classified under CWE-119 and CWE-120. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impacts across confidentiality, integrity, and availability.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact effects, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability, potentially leading to full system compromise on affected radare2 installations.

Mitigation is addressed via a patch in the radareorg/radare2 GitHub pull request at https://github.com/radareorg/radare2/pull/23981. Security practitioners should upgrade to radare2 version 5.9.9 or later to remediate the issue.

EU & UK References

Vulnerability details

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in network-reachable radare2 component directly enables remote unauthenticated code execution matching T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40499Same product: Radare Radare2
CVE-2026-8695Same product: Radare Radare2
CVE-2026-6941Same product: Radare Radare2
CVE-2025-1744Same product: Radare Radare2
CVE-2026-40527Same product: Radare Radare2
CVE-2026-8696Same product: Radare Radare2
CVE-2026-40517Same product: Radare Radare2
CVE-2026-6940Same product: Radare Radare2
CVE-2025-11296Shared CWE-119, CWE-120
CVE-2025-10942Shared CWE-119, CWE-120

Affected Assets

radare
radare2
≤ 5.9.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and correction of flaws like this buffer overflow via timely patching to radare2 version 5.9.9.

prevent

Implements memory protections such as address space layout randomization and non-executable memory to block exploitation of buffer overflows in radare2.

prevent

Mandates validation of inputs to radare2 to enforce proper bounds checking and prevent overflow operations within memory buffers.

References