Cyber Resilience

CVE-2025-7208

LowPublic PoC

Published: 09 July 2025

Published
09 July 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 2.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0059 69.5th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7208 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in 9Fans Plan9Port. Its CVSS base score is 2.0 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 30.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-7208 is a critical heap-based buffer overflow vulnerability in 9fans plan9port up to commit 9da5b44, affecting the edump function in the library /src/plan9port/src/libsec/port/x509.c. Published on 2025-07-09, it is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-122 (Heap-based Buffer Overflow), earning a CVSS v3.1 base score of 5.5.

An attacker with adjacent network access (AV:A) and low privileges (PR:L) can exploit this issue with low attack complexity (AC:L) and no user interaction (UI:N), resulting in low impacts to confidentiality, integrity, and availability (C:I:A:L/L/L) in the unchanged security scope (S:U). The manipulation triggers the buffer overflow, and a public exploit has been disclosed.

Due to the product's rolling release model, specific affected and fixed version details are unavailable, but the patch identifier b3e06559475b0130a7a2fb56ac4d131d13d2012f addresses the issue. Security practitioners are advised to apply this patch, with details available in references such as the 9front git commit and the 9fans/plan9port GitHub issue #710.

EU & UK References

Vulnerability details

A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public…

more

and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is b3e06559475b0130a7a2fb56ac4d131d13d2012f. It is recommended to apply a patch to fix this issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Heap buffer overflow in X.509 parsing code enables local/adjacent code execution for privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1788Shared CWE-119, CWE-122
CVE-2024-45421Shared CWE-119, CWE-122
CVE-2026-3147Shared CWE-119, CWE-122
CVE-2026-26180Shared CWE-122
CVE-2026-20922Shared CWE-122
CVE-2024-47796Shared CWE-119
CVE-2026-20820Shared CWE-122
CVE-2025-54910Shared CWE-122
CVE-2026-20700Shared CWE-119
CVE-2026-3281Shared CWE-119, CWE-122

Affected Assets

9fans
plan9port
≤ 2025-03-29

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor patch (b3e06559) that eliminates the heap overflow in edump.

prevent

Enforces memory-protection mechanisms that can block exploitation of the heap-based buffer overflow.

prevent

Mandates input validation and bounds checking that would have prevented the unchecked manipulation reaching edump.

References