Vulnerability details: VCID-saxq-p7en-gyet
Vulnerability ID VCID-saxq-p7en-gyet
Aliases CVE-2025-5222
Summary A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 6.3
Risk 3.1
System Score Found at
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:11888
ssvc Track https://access.redhat.com/errata/RHSA-2025:11888
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12083
ssvc Track https://access.redhat.com/errata/RHSA-2025:12083
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12331
ssvc Track https://access.redhat.com/errata/RHSA-2025:12331
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12332
ssvc Track https://access.redhat.com/errata/RHSA-2025:12332
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2025:12333
ssvc Track https://access.redhat.com/errata/RHSA-2025:12333
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json
cvssv3.1 7 https://access.redhat.com/security/cve/CVE-2025-5222
ssvc Track https://access.redhat.com/security/cve/CVE-2025-5222
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-5222
cvssv3.1 7 https://bugzilla.redhat.com/show_bug.cgi?id=2368600
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2368600
cvssv3.1 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json
https://api.first.org/data/v1/epss?cve=CVE-2025-5222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html
1106684 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106684
cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:*
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhel_e4s:9.0::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:enterprise_linux:10.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_e4s:9.0::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_eus:9.4::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
CVE-2025-5222 https://access.redhat.com/security/cve/CVE-2025-5222
CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222
RHSA-2025:11888 https://access.redhat.com/errata/RHSA-2025:11888
RHSA-2025:12083 https://access.redhat.com/errata/RHSA-2025:12083
RHSA-2025:12331 https://access.redhat.com/errata/RHSA-2025:12331
RHSA-2025:12332 https://access.redhat.com/errata/RHSA-2025:12332
RHSA-2025:12333 https://access.redhat.com/errata/RHSA-2025:12333
show_bug.cgi?id=2368600 https://bugzilla.redhat.com/show_bug.cgi?id=2368600
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:11888
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:11888
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12083
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12083
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12331
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12331
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12332
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12332
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2025:12333
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/errata/RHSA-2025:12333
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2025-5222
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://access.redhat.com/security/cve/CVE-2025-5222
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2368600
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2368600
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploit Prediction Scoring System (EPSS)
Percentile 0.03934
EPSS Score 0.00021
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:34:09.562240+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/main.json 37.0.0