IM
IronMonkey Threat Research

CVE-2025-5222 HIGH

Published: 2025-05-27 | Last Modified: 2026-07-14 | Status: Modified

Description

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Additional Descriptions (1)

Se detectó un desbordamiento del búfer de pila en componentes internacionales para Unicode (ICU). Al ejecutar el binario genrb, la estructura 'subtag' se desbordó en la función SRBRoot::addTag. Este problema puede provocar corrupción de memoria y la ejecución local de código arbitrario.

CVSS Metrics

Base Score: 7.0 (HIGH)

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 1.0

Impact Score: 5.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-120

Affected Products

Vendor Product Version Update Type
unicode international_components_for_unicode * <built-in method update of dict object at 0x702bdc6a5cc0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:*
Notification
Message here