Cyber Posture

CVE-2025-1744

Critical

Published: 28 February 2025

Modified: 01 July 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0045 (63.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow. This issue affects radare2: before 5.9.9.

Security Summary

CVE-2025-1744 is an out-of-bounds write vulnerability in radareorg radare2 that allows heap-based buffer over-read or buffer overflow. The issue affects radare2 versions before 5.9.9 and is classified under CWE-787.

The CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) rates the vulnerability as exploitable over the network by an unauthenticated attacker, with low attack complexity and no user interaction. The vector rates the impact on confidentiality, integrity, and availability as high; successful exploitation could allow heap memory to be read or written outside the bounds of the intended buffer.

The vulnerability is addressed via a patch in the GitHub pull request at https://github.com/radareorg/radare2/pull/23969. Affected users should update to radare2 version 5.9.9 or later to mitigate the issue.

Details

CWE(s)
CWE-787

Affected Products

radare radare2, versions ≤ 5.9.8
