What is the CVSS score of CVE-2025-13654?

CVE-2025-13654 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Ubuntu are affected by CVE-2025-13654?

CVE-2025-13654 is a stack buffer overflow in the duc disk management tool that could allow attackers to read sensitive data or crash systems.. A patch is available.

Is there a public PoC exploit available for CVE-2025-13654?

Yes, a public proof-of-concept exploit is available for CVE-2025-13654. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-13654?

Within 24 hours: Inventory all systems running duc and assess exposure by reviewing network access logs and user permissions. Within 7 days: Implement network segmentation to restrict duc access to authorized administrators only, disable duc if not operationally critical, or run it only on isolated systems. Within 30 days: Monitor vendor advisories and security channels for patch availability; establish a deployment plan to apply the patch immediately upon release.

Ubuntu CVE-2025-13654

EUVD-2025-201406 HIGH

Out-of-bounds Write (CWE-787)

2025-12-05 cret@cert.org

Buffer Overflow Memory Corruption Ubuntu Debian Duc Red Hat Suse

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ubuntu

MEDIUM

qualitative

SUSE

HIGH

qualitative

Red Hat

7.5 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201406

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Jan 29, 2026 - 19:16 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 13:16 nvd

HIGH 7.5

DescriptionCVE.org

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Analysis

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Technical ContextAI

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Write (CWE-787).

RemediationAI

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

Vendor StatusVendor

Ubuntu

Priority: Medium

duc

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	needs-triage	-
upstream	released	1.4.6-1
plucky	ignored	end of life, was needs-triage

Debian

Bug #1122057

duc

Release	Status	Fixed Version	Urgency
bookworm, bullseye	vulnerable	1.4.4-1	-
trixie	vulnerable	1.4.5-1	-
forky, sid	fixed	1.4.6-1	-
(unstable)	fixed	1.4.6-1	unimportant

SUSE

Severity: High

Product	Status
SUSE Package Hub 15 SP6	Fixed
openSUSE Leap 15.6	Fixed
openSUSE Tumbleweed	Fixed
SUSE Package Hub 15 SP6	Fixed

CVE-2025-13654 vulnerability details – vuln.today

Back

Ubuntu CVE-2025-13654

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

Debian

SUSE

Share

External POC / Exploit Code