CVE-2025-69720
Published: 19 March 2026
Summary
CVE-2025-69720 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Invisible-Island Ncurses. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 33.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-69720 is a stack-based buffer overflow vulnerability in the analyze_string function within progs/infocmp.c of the infocmp command-line tool in the ncurses library. It affects ncurses versions before 6.5-20251213 and is linked to CWE-121 (Stack-based Buffer Overflow) and CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')).
The vulnerability carries a CVSS v3.1 base score of 7.3 (High), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L. A local attacker requires no privileges but needs to trick a user into running the infocmp tool on a maliciously crafted terminfo description file. Exploitation can result in high confidentiality and integrity impacts, potentially allowing arbitrary code execution or memory corruption, alongside low availability disruption.
Advisories and references, including ncurses release notes at invisible-island.net/archives/ncurses/6.5/ and bug discussions on marc.info, point to mitigation by upgrading to ncurses 6.5-20251213 or later. A GitHub repository at Cao-Wuhui/CVE-2025-69720 provides additional exploit details, while the main ncurses site offers further context on the library.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208879
Vulnerability details
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in local CLI tool (infocmp) triggered by crafted input file directly enables client-side code execution after user interaction.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates timely identification, reporting, and patching of the stack-based buffer overflow flaw in ncurses infocmp, as recommended by advisories.
Implements memory protections such as stack canaries, ASLR, and DEP that specifically mitigate exploitation of stack-based buffer overflows even in vulnerable ncurses versions.
Requires vulnerability scanning that would identify the presence of vulnerable ncurses versions affected by CVE-2025-69720, enabling remediation.