Vulnerability details: VCID-ec4s-1rb3-muhf
Vulnerability ID VCID-ec4s-1rb3-muhf
Aliases CVE-2025-5222
Summary icu: Stack buffer overflow in the SRBRoot::addTag function
Status Published
Exploitability 0.5
Weighted Severity 6.3
Risk 3.1
System Score Found at
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:11888
ssvc Track https://access.redhat.com/errata/RHSA-2025:11888
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12083
ssvc Track https://access.redhat.com/errata/RHSA-2025:12083
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12331
ssvc Track https://access.redhat.com/errata/RHSA-2025:12331
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12332
ssvc Track https://access.redhat.com/errata/RHSA-2025:12332
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12333
ssvc Track https://access.redhat.com/errata/RHSA-2025:12333
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json
cvssv3.1 7 https://access.redhat.com/security/cve/CVE-2025-5222
ssvc Track https://access.redhat.com/security/cve/CVE-2025-5222
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
cvssv3.1 7 https://bugzilla.redhat.com/show_bug.cgi?id=2368600
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2368600
cvssv3.1 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7 https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
ssvc Track https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json
https://api.first.org/data/v1/epss?cve=CVE-2025-5222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1106684 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106684
2368600 https://bugzilla.redhat.com/show_bug.cgi?id=2368600
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhel_e4s:9.0::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:enterprise_linux:10.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_e4s:9.0::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_eus:9.4::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
CVE-2025-5222 https://access.redhat.com/security/cve/CVE-2025-5222
ICU-22957 https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
RHSA-2025:11888 https://access.redhat.com/errata/RHSA-2025:11888
RHSA-2025:12083 https://access.redhat.com/errata/RHSA-2025:12083
RHSA-2025:12331 https://access.redhat.com/errata/RHSA-2025:12331
RHSA-2025:12332 https://access.redhat.com/errata/RHSA-2025:12332
RHSA-2025:12333 https://access.redhat.com/errata/RHSA-2025:12333
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:11888
Attack Vector (AV): local
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): required
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:11888
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12083
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12083
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12331
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12331
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12332
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12332
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12333
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12333
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2025-5222
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/security/cve/CVE-2025-5222
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2368600
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2368600
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
Exploit Prediction Scoring System (EPSS)
Percentile 0.09774
EPSS Score 0.00033
Published At April 24, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:44:01.211429+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json 38.0.0