What is CVE-2025-1788?

CVE-2025-1788 is a medium-severity vulnerability in Rizinorg Rizin, classified under Heap-based Buffer Overflow. CVSS score: 5.3/10. Published 2025-03-01.

How severe is CVE-2025-1788?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Buffer overflow in Rizinorg Rizin

CVE-2025-1788

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (9.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Rizinorg Rizin — versions 0.1, 0.2, 0.3

Weakness classification (CWE)

References

VDB-298011 | rizinorg rizin utf8.c rz_utf8_encode heap-based overflow (vdb-entry, technical-description)
VDB-298011 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #502345 | https://github.com/rizinorg/rizin rizin/rz-bin 309f57434dfa17954f02cdcbb3a2ac4108651767 Buffer Overflow (third-party-advisory)
github.com/rizinorg/rizin/issues/4910 (issue-tracking)
github.com/rizinorg/rizin/issues/4910 (issue-tracking)
github.com/user-attachments/files/18817099/rz-bin-poc-01.zip (exploit)
github.com/rizinorg/rizin/pull/4762 (issue-tracking, patch)

Frequently asked questions

What is CVE-2025-1788?: CVE-2025-1788 is a medium-severity vulnerability in Rizinorg Rizin, classified under Heap-based Buffer Overflow. CVSS score: 5.3/10. Published 2025-03-01.
How severe is CVE-2025-1788?: Medium severity. CVSS v3 base score is 5.3 out of 10.