Cyber Resilience

CVE-2025-31177

Severity: Medium
Published: 07 May 2025
Modified: 08 January 2026
KEV Added: not listed
CVSS Score (v3.1): 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0017 (37.6th percentile)
Risk Priority: 11 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-31177 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in gnuplot. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability is ranked at the 37.6th percentile by EPSS exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

gnuplot is affected by a heap buffer overflow in the function utf8_copy_one.

CWE(s)

CWE-122: Heap-based Buffer Overflow

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The heap buffer overflow in gnuplot's utf8_copy_one function enables arbitrary local code execution when processing malicious input, facilitating Exploitation for Client Execution (T1203). Note that the recorded CVSS vector (C:N/I:N/A:H) scores only an availability impact, so the code-execution mapping should be treated as a worst-case assumption rather than a confirmed outcome.

Affected Assets

Vendor: gnuplot
Product: gnuplot
Version: 6.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.