CVE-2025-5222
Severity: HIGH · EPSS 21.3%
Published May 27, 2025 · Modified Jun 17, 2026
CVSS 3.1 base score: 7.0
Description
A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed in the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability 21.3%
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses
CWE-120
Affected Products
| Vendor | Product | Version | Range |
|---|---|---|---|
| unicode | international_components_for_unicode | * | <77.1 |
References
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:11888
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:12083
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:12331
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:12332
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:12333
- access.redhat.com https://access.redhat.com/security/cve/CVE-2025-5222
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2368600
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html
- unicode-org.atlassian.net https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.