A vulnerability was found in Radare2 5.9.9 and has been classified as problematic. It affects the function r_cons_pal_init in /libr/cons/pal.c of the radiff2 component. Manipulating the -T argument leads to memory corruption.

This vulnerability is tracked as CVE-2025-5648. The attack has to be carried out locally. An exploit is available.

The actual existence of this vulnerability is still in doubt at the moment.

It is recommended to apply a patch to fix this issue.

The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.