Cyber Resilience

CVE-2026-25205

High

Published: 13 April 2026

Published
13 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 12.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25205 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-25205 is a heap-based buffer overflow vulnerability in Samsung Open Source Escargot that allows out-of-bounds writes. The issue affects Escargot at commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335 and is classified under CWE-122. It received a CVSS v3.1 base score of 7.4.

The vulnerability can exploited by a local attacker with no privileges (PR:N), requiring local access (AV:L) and high attack complexity (AC:H), with no user interaction needed (UI:N) and unchanged scope (S:U). Successful exploitation can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution or system compromise.

The GitHub pull request at https://github.com/Samsung/escargot/pull/1554 provides the patch addressing this vulnerability, serving as the primary mitigation for affected Escargot instances.

EU & UK References

Vulnerability details

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write.This issue affects Escargot:commit hash  97e8115ab1110bc502b4b5e4a0c689a71520d335 .

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Heap buffer overflow in local JS engine with PR:N and code execution impact directly enables local exploitation for privilege escalation to achieve arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24067Shared CWE-122
CVE-2026-24283Shared CWE-122
CVE-2026-40407Shared CWE-122
CVE-2026-20840Shared CWE-122
CVE-2025-24995Shared CWE-122
CVE-2025-21418Shared CWE-122
CVE-2026-20864Shared CWE-122
CVE-2025-26634Shared CWE-122
CVE-2025-24066Shared CWE-122
CVE-2026-25188Shared CWE-122

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely flaw remediation, directly addressing this heap-based buffer overflow via the specific patch in the referenced GitHub pull request.

prevent

SI-16 enforces memory protections such as ASLR and DEP that prevent exploitation of heap buffer overflows leading to out-of-bounds writes and arbitrary code execution.

prevent

SI-10 mandates input validation to check bounds and sizes, mitigating the root cause of the CWE-122 heap buffer overflow in Escargot.

References