CVE-2025-1864
Published: 03 March 2025
Description
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers. This issue affects radare2: before 5.9.9.
Security Summary
CVE-2025-1864 is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg's radare2 reverse engineering framework, enabling buffer overflows. This issue affects radare2 versions prior to 5.9.9 and is classified under CWE-119 and CWE-120. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impacts across confidentiality, integrity, and availability.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact effects, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability, potentially leading to full system compromise on affected radare2 installations.
Mitigation is addressed via a patch in the radareorg/radare2 GitHub pull request at https://github.com/radareorg/radare2/pull/23981. Security practitioners should upgrade to radare2 version 5.9.9 or later to remediate the issue.
Details
- CWE(s)