Cyber Resilience

CVE-2025-69720

HighPublic PoCUpdated

Published: 19 March 2026

Published
19 March 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
EPSS Score 0.0041 33.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-69720 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Invisible-Island Ncurses. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 33.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-69720 is a stack-based buffer overflow vulnerability in the analyze_string function within progs/infocmp.c of the infocmp command-line tool in the ncurses library. It affects ncurses versions before 6.5-20251213 and is linked to CWE-121 (Stack-based Buffer Overflow) and CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')).

The vulnerability carries a CVSS v3.1 base score of 7.3 (High), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L. A local attacker requires no privileges but needs to trick a user into running the infocmp tool on a maliciously crafted terminfo description file. Exploitation can result in high confidentiality and integrity impacts, potentially allowing arbitrary code execution or memory corruption, alongside low availability disruption.

Advisories and references, including ncurses release notes at invisible-island.net/archives/ncurses/6.5/ and bug discussions on marc.info, point to mitigation by upgrading to ncurses 6.5-20251213 or later. A GitHub repository at Cao-Wuhui/CVE-2025-69720 provides additional exploit details, while the main ncurses site offers further context on the library.

EU & UK References

Vulnerability details

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack buffer overflow in local CLI tool (infocmp) triggered by crafted input file directly enables client-side code execution after user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-54480Shared CWE-121
CVE-2025-69195Shared CWE-121
CVE-2018-25302Shared CWE-120
CVE-2026-33554Shared CWE-121
CVE-2018-25301Shared CWE-120
CVE-2020-37126Shared CWE-121
CVE-2019-25332Shared CWE-121
CVE-2020-37001Shared CWE-121
CVE-2026-6665Shared CWE-121
CVE-2019-25361Shared CWE-121

Affected Assets

invisible-island
ncurses
6.5 · ≤ 6.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely identification, reporting, and patching of the stack-based buffer overflow flaw in ncurses infocmp, as recommended by advisories.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP that specifically mitigate exploitation of stack-based buffer overflows even in vulnerable ncurses versions.

detect

Requires vulnerability scanning that would identify the presence of vulnerable ncurses versions affected by CVE-2025-69720, enabling remediation.

References