Which versions of Radare2 are affected by CVE-2025-1744?

Organizations using Out-of-bounds Write vulnerability in radareorg radare2 face critical risk from CVE-2025-1744, a out-of-bounds write vulnerability rated CVSS 10.0.. A patch is available.

How to fix or mitigate CVE-2025-1744?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Radare2 CVE-2025-1744

Q: What is the CVSS score of CVE-2025-1744?

CVE-2025-1744 has a CVSS 4.0 base score of 10.0 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

CRITICAL

Out-of-bounds Write (CWE-787)

2025-02-28 cve_disclosure@tech.gov.sg

Memory Corruption Buffer Overflow Radare2 Suse

10.0

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

10.0 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

SUSE

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:29 vuln.today

Patch released

Mar 28, 2026 - 18:29 nvd

Patch available

CVE Published

Feb 28, 2025 - 04:15 nvd

CRITICAL 10.0

DescriptionCVE.org

Out-of-bounds Write vulnerability in radareorg radare2 allows

heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.

AnalysisAI

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.9.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.9.9. Affected products include: Radare Radare2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
SUSE Package Hub 15 SP6	Fixed
openSUSE Leap 15.6	Fixed
openSUSE Tumbleweed	Fixed
SUSE Package Hub 15 SP6	Fixed

CVE-2025-1744 vulnerability details – vuln.today

Back

Radare2 CVE-2025-1744

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code