CVE-2025-1864

Critical

Published: 03 March 2025

Published

03 March 2025

Modified

01 July 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0038 59.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1864 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Radare Radare2. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires identification, reporting, and correction of flaws like this buffer overflow via timely patching to radare2 version 5.9.9.

SI-16 Memory Protection good match

prevent

Implements memory protections such as address space layout randomization and non-executable memory to block exploitation of buffer overflows in radare2.

SI-10 Information Input Validation partial match

prevent

Mandates validation of inputs to radare2 to enforce proper bounds checking and prevent overflow operations within memory buffers.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in network-reachable radare2 component directly enables remote unauthenticated code execution matching T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.

Deeper analysisAI

CVE-2025-1864 is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg's radare2 reverse engineering framework, enabling buffer overflows. This issue affects radare2 versions prior to 5.9.9 and is classified under CWE-119 and CWE-120. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impacts across confidentiality, integrity, and availability.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact effects, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability, potentially leading to full system compromise on affected radare2 installations.

Mitigation is addressed via a patch in the radareorg/radare2 GitHub pull request at https://github.com/radareorg/radare2/pull/23981. Security practitioners should upgrade to radare2 version 5.9.9 or later to remediate the issue.

Details

CWE(s): CWE-119 CWE-120

Affected Products

radare

radare2

≤ 5.9.8

CVEs Like This One

CVE-2026-6941Same product: Radare Radare2

CVE-2025-1744Same product: Radare Radare2

CVE-2026-6940Same product: Radare Radare2

CVE-2026-40517Same product: Radare Radare2

CVE-2026-40499Same product: Radare Radare2

CVE-2025-14709Shared CWE-119, CWE-120

CVE-2025-10838Shared CWE-119, CWE-120

CVE-2025-11385Shared CWE-119, CWE-120

CVE-2026-5982Shared CWE-119, CWE-120

CVE-2025-9812Shared CWE-119, CWE-120

References

https://github.com/radareorg/radare2/pull/23981
Issue Tracking, Vendor Advisory · cve_disclosure@tech.gov.sg