What is the CVSS score of CVE-2025-2177?

CVE-2025-2177 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.4%.

Which versions of Suse are affected by CVE-2025-2177?

Organizations using libzvbi face moderate risk from CVE-2025-2177 rated CVSS 7.3. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-2177?

Within 7 days: Identify all affected systems running libzvbi and apply vendor patches promptly. Vendor patch is available.

Suse CVE-2025-2177

HIGH

Numeric Errors (CWE-189)

2025-03-11 cna@vuldb.com

Integer Overflow Suse

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:52 vuln.today

Patch released

Oct 10, 2025 - 20:14 nvd

Patch available

CVE Published

Mar 11, 2025 - 08:15 nvd

HIGH 7.3

DescriptionNVD

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

AnalysisAI

A vulnerability classified as critical was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 7.3).

Technical ContextAI

affects A vulnerability classified as critical was found in libzvb. classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code mai

Affected ProductsAI

Product: A vulnerability classified as critical was found in libzvb. Versions: up to 0.2.43..

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2025-2177 vulnerability details – vuln.today

Back