CVE-2025-2174

Medium

Published: 11 March 2025

Published

11 March 2025

Modified

03 October 2025

KEV Added

—

Patch

—

CVSS Score 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score 0.0018 38.9th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2174 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Zapping-Vbi Zvbi. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 38.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires timely identification, reporting, and correction of the integer overflow flaw in libzvbi by applying the patch in version 0.2.44.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables vulnerability scanning to identify systems running vulnerable libzvbi versions up to 0.2.43 exposed to remote DoS exploitation.

SI-10 Information Input Validation partial match

prevent

Mandates validation of inputs like src_length prior to processing by libzvbi to block crafted data triggering the integer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Integer overflow in libzvbi enables remote unauthenticated crafted input to trigger application crashes, directly mapping to Endpoint Denial of Service via Application or System Exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can…

be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Deeper analysisAI

CVE-2025-2174 is an integer overflow vulnerability affecting libzvbi versions up to and including 0.2.43. The issue resides in the vbi_strndup_iconv_ucs2 function within the src/conv.c file, where manipulation of the src_length argument triggers the overflow. Classified under CWE-189 and CWE-190, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity primarily due to availability impact.

The vulnerability enables remote exploitation without authentication or user interaction. An attacker can send crafted input over the network to any system using the affected libzvbi versions, triggering the integer overflow and resulting in a limited denial of service, such as application crashes. Public disclosure of an exploit exists, increasing the risk of immediate use against vulnerable deployments.

Mitigation involves upgrading to libzvbi version 0.2.44, which incorporates the fixing commit ca1672134b3e2962cd392212c73f44f8f4cb489f. The project maintainer was notified in advance and responded promptly and professionally, as detailed in the GitHub security advisory (GHSA-g7cg-7gw9-v8cf) and release notes.