CVE-2025-2177

High

Published: 11 March 2025

Published

11 March 2025

Modified

10 October 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0008 22.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2177 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Zapping-Vbi Zvbi. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 22.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the integer overflow vulnerability by requiring identification, reporting, and timely patching of libzvbi to the fixed version 0.2.44.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Enables detection of systems with vulnerable libzvbi versions up to 0.2.43 through vulnerability scanning for this specific CVE.

SI-10 Information Input Validation partial match

prevent

Addresses the root cause by validating inputs like the pat_len argument to prevent triggering the integer overflow in vbi_search_new.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Remote integer overflow in libzvbi's vbi_search_new leads to heap overflow, enabling client-side exploitation for code execution (T1203) or endpoint denial of service via application crash (T1499.004).

NVD Description

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit…

has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Deeper analysisAI

CVE-2025-2177 is a critical integer overflow vulnerability in libzvbi versions up to 0.2.43. The issue resides in the vbi_search_new function within the src/search.c file, where manipulation of the pat_len argument triggers the overflow. This flaw is associated with CWE-189 and CWE-190.

The vulnerability enables remote exploitation by unauthenticated attackers with low attack complexity and no user interaction required, as indicated by its CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Exploitation can lead to limited impacts on confidentiality, integrity, and availability. An exploit has been publicly disclosed and may be used.

Advisories recommend upgrading to libzvbi version 0.2.44, which resolves the issue through patch commit ca1672134b3e2962cd392212c73f44f8f4cb489f. The code maintainer was notified in advance and responded quickly and professionally. Additional details are provided in the GitHub security advisory (GHSA-g7cg-7gw9-v8cf), release notes for v0.2.44, and the patch commit.