CVE-2025-5641 | Radare2 5.9.9 radiff2 /libr/cons/cons.c r_cons_is_breaked -T memory corruption (Issue 24230)

A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption.

The identification of this vulnerability is CVE-2025-5641. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

The real existence of this vulnerability is still doubted at the moment.

It is recommended to apply a patch to fix this issue.

The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. An additional warning regarding threading support has been added.

CVE-2025-5641 | Radare2 5.9.9 radiff2 /libr/cons/cons.c r_cons_is_breaked -T memory corruption (Issue 24230)

Post correlati

CVE-2023-45289 | net-http-cookiejar up to 1.21.7/1.22.0 on Go HTTP Header information disclosure

CVE-2025-47816 | GNU PSPP up to 2.0.1 libpspp-core.a spvxml_parse_attributes out-of-bounds

CVE-2025-24017 | yeswiki up to 4.4.x cross site scripting

CVE-2024-4669 | Events Addon for Elementor Plugin up to 2.1.4 on WordPress Widgets cross site scripting