System	Score	Found at
cvssv3	7.2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66648.json
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2025-66648
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2025-66648
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2025-66648
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-m9rg-mr6g-75gm
cvssv3.1	7.2	https://github.com/vega/vega
generic_textual	HIGH	https://github.com/vega/vega
cvssv3.1	7.2	https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm
cvssv3.1_qr	HIGH	https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm
generic_textual	HIGH	https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm
ssvc	Track	https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm
cvssv3.1	7.2	https://nvd.nist.gov/vuln/detail/CVE-2025-66648
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2025-66648

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66648.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-66648
		https://github.com/vega/vega
1125185		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125185
2427238		https://bugzilla.redhat.com/show_bug.cgi?id=2427238
CVE-2025-66648		https://nvd.nist.gov/vuln/detail/CVE-2025-66648
GHSA-m9rg-mr6g-75gm		https://github.com/advisories/GHSA-m9rg-mr6g-75gm
GHSA-m9rg-mr6g-75gm		https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66648.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/vega/vega

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T15:40:01Z/ Found at https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm

---

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-66648

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Percentile	0.088
EPSS Score	0.00029
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:59:42.587493+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/66xxx/CVE-2025-66648.json	38.6.0