CVE-2025-2176

High

Published: 11 March 2025

Published

11 March 2025

Modified

10 October 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0008 22.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2176 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Zapping-Vbi Zvbi. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 22.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates timely remediation of the integer overflow flaw in libzvbi by applying the upgrade to version 0.2.44 or the specified patch.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Requires vulnerability scanning and monitoring that would identify the presence of vulnerable libzvbi versions affected by CVE-2025-2176.

SI-10 Information Input Validation partial match

prevent

Enforces input validation to restrict manipulation of data passed to vbi_capture_sim_load_caption, mitigating the integer overflow trigger.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Remote integer overflow in libzvbi's vbi_capture_sim_load_caption leads to heap overflow, enabling exploitation for client execution (T1203) or endpoint DoS via application exploitation (T1499.004).

NVD Description

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been…

disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Deeper analysisAI

CVE-2025-2176 is a critical integer overflow vulnerability in libzvbi versions up to 0.2.43, specifically affecting the vbi_capture_sim_load_caption function in the src/io-sim.c file. The issue, tied to CWE-189 and CWE-190, allows manipulation that triggers the overflow, and it has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service. The exploit has been publicly disclosed and may be usable.

Mitigation involves upgrading to libzvbi version 0.2.44, which addresses the issue via the patch commit ca1672134b3e2962cd392212c73f44f8f4cb489f. The project maintainer was notified in advance and responded quickly and professionally, with details available in the GitHub security advisory GHSA-g7cg-7gw9-v8cf and related release notes.