CVE-2025-12875 | mruby 3.4.0 array.c ary_fill_exec start/length out-of-bounds write (Issue 6650)

Inserito da Angelo Barbosa | Nov 7, 2025 | CVE

A vulnerability was found in mruby 3.4.0 and classified as critical. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write.

This vulnerability is registered as CVE-2025-12875. The attack needs to be launched locally. Furthermore, an exploit is available.

It is best practice to apply a patch to resolve this issue.

CVE-2025-12875 | mruby 3.4.0 array.c ary_fill_exec start/length out-of-bounds write (Issue 6650)

Post correlati

CVE-2024-57957 | Huawei HarmonyOS 5.0.0 UI Framework Module violation of secure design principles

CVE-2024-12164 | creativewerkdesigns WPSyncSheets Lite for WPForms Plugin up to 1.6 on WordPress Setting wpsslwp_reset_settings authorization

CVE-2024-38903 | H3C Magic R230 V100R002 Service Port 9034 Privilege Escalation

CVE-2024-4505 | Ruijie RG-UAC up to 20240428 ip_addr_add_commit.php prelen/ethname os command injection