CVE-2025-5914
Published: 09 June 2025
Summary
CVE-2025-5914 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17572
Vulnerability details
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker…
more
to execute arbitrary code or cause a denial-of-service condition.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The integer overflow in libarchive's RAR processing leads to double-free, enabling memory corruption for arbitrary code execution (T1203: Exploitation for Client Execution via malicious RAR files) or denial-of-service (T1499: Endpoint Denial of Service via crash).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.