Buffer overflow in Mruby

CVE-2025-13120

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclose…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (2.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

  • Mruby
  • N/a Mruby — versions 3.0, 3.1, 3.2

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-13120?
CVE-2025-13120 is a medium-severity vulnerability in Mruby, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 5.3/10. Published 2025-11-13.
How severe is CVE-2025-13120?
Medium severity. CVSS v3 base score is 5.3 out of 10.