CVE-2026-25207
Published: 13 April 2026
Summary
CVE-2026-25207 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 12.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-25207 is an out-of-bounds write vulnerability (CWE-787) in Samsung's open source Escargot project. The issue allows overflow of buffers and affects Escargot at commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. It was published on 2026-04-13 with a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited by a local attacker (AV:L) with no privileges (PR:N) and no user interaction (UI:N), although attack complexity is high (AC:H). Successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution or system compromise through the out-of-bounds write.
A pull request addressing the vulnerability is available at https://github.com/Samsung/escargot/pull/1554.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21822
Vulnerability details
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds write (memory corruption) in a local JS engine, with PR:N and high CIA impact, directly enables local exploitation for privilege escalation or arbitrary code execution (T1068).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the out-of-bounds write vulnerability by requiring timely remediation through patching via the available pull request.
Implements memory protection mechanisms such as address space randomization and non-executable memory to prevent exploitation of buffer overflows leading to arbitrary code execution.
Addresses potential root causes of the buffer overflow by enforcing validation of inputs that could trigger out-of-bounds writes in Escargot.