CVE-2026-25208

High

Published: 13 April 2026

Published

13 April 2026

Modified

13 April 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0005 16.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25208 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires identifying, reporting, and correcting software flaws such as this integer overflow vulnerability via patching with the available pull request.

SI-10 Information Input Validation good match

prevent

Mandates validation of information inputs to prevent integer overflows from untrusted data leading to buffer overflows in Escargot.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms like address space layout randomization or data execution prevention to mitigate exploitation of buffer overflows caused by the integer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Integer overflow leading to buffer overflow in JS engine allows unauthenticated remote code execution over network with no user interaction (CVSS AV:N/PR:N/UI:N), directly matching exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

Deeper analysisAI

CVE-2026-25208 is an integer overflow vulnerability (CWE-190) in Samsung Open Source Escargot that allows buffer overflows. The issue affects Escargot at commit 97e8115ab1110bc502b4b5e4a0c689a71520d335. It was published on 2026-04-13 and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network, though it demands high attack complexity. Successful exploitation enables high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service.

A pull request addressing the vulnerability is available at https://github.com/Samsung/escargot/pull/1554.

Details

CWE(s): CWE-190

CVEs Like This One

CVE-2025-53518Shared CWE-190

CVE-2026-41416Shared CWE-190

CVE-2024-55656Shared CWE-190

CVE-2025-14308Shared CWE-190

CVE-2026-5121Shared CWE-190

CVE-2025-27918Shared CWE-190

CVE-2025-0838Shared CWE-190

CVE-2025-30404Shared CWE-190

CVE-2026-24830Shared CWE-190

CVE-2026-31649Shared CWE-190

References

https://github.com/Samsung/escargot/pull/1554
PSIRT@samsung.com