What is the CVSS score of CVE-2025-45333?

CVE-2025-45333 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Abc are affected by CVE-2025-45333?

CVE-2025-45333 is a high-severity null pointer dereference vulnerability affecting berkeley-abc 1.1 that can cause application crashes and unpredictable behavior.. A patch is available.

Is there a public PoC exploit available for CVE-2025-45333?

Yes, a public proof-of-concept exploit is available for CVE-2025-45333. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-45333?

Within 24 hours: Identify all systems running berkeley-abc 1.1 and assess whether they process untrusted input; isolate or air-gap critical instances if feasible. Within 7 days: Implement input validation and sandboxing controls; monitor for unexpected crashes or segmentation faults in logs; contact berkeley-abc maintainers for patch timeline. Within 30 days: Evaluate alternative tools or upgrade to patched versions when available; establish a formal upgrade plan with stakeholders.

Abc CVE-2025-45333

EUVD-2025-19136 HIGH

NULL Pointer Dereference (CWE-476)

2025-06-25 cve@mitre.org

Null Pointer Dereference Denial Of Service Abc

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 23:19 euvd

EUVD-2025-19136

Analysis Generated

Mar 15, 2026 - 23:19 vuln.today

PoC Detected

Jul 09, 2025 - 19:06 vuln.today

Public exploit code

CVE Published

Jun 25, 2025 - 20:15 nvd

HIGH 7.5

DescriptionCVE.org

berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

AnalysisAI

CVE-2025-45333 is a Null Pointer Dereference vulnerability in Berkeley ABC (version 1.1) within the Abc_NtkCecFraigPart function that causes denial of service through segmentation faults and program crashes. The vulnerability is remotely exploitable without authentication or user interaction, affecting any system running the vulnerable ABC library for circuit synthesis and verification tasks. An attacker can trigger a crash by providing malformed input to the data processing module, resulting in complete service unavailability.

Technical ContextAI

Berkeley ABC (A System for Sequential Synthesis and Verification) is a widely-used open-source framework for logic synthesis, technology mapping, and formal verification. The Abc_NtkCecFraigPart function is part of the combinational equivalence checking (CEC) and FRAIG (Functionally Reduced And-Inverter Graph) modules. CWE-476 (Null Pointer Dereference) occurs when the code attempts to dereference a pointer that has not been properly validated as non-null before use. In this case, the vulnerability exists in the data processing module's handling of network topology structures, likely when processing circuit graphs with specific structural characteristics that leave intermediate pointers uninitialized. The affected CPE would be: cpe:2.3:a:berkeley-abc:abc:1.1:*:*:*:*:*:*:*. This library is commonly integrated into EDA (Electronic Design Automation) tools, formal verification platforms, and circuit optimization workflows.

Vendor StatusVendor

Ubuntu

Priority: Medium

berkeley-abc

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	DNE	-
oracular	DNE	-
plucky	DNE	-
upstream	needs-triage	-
questing	DNE	-

Debian

berkeley-abc

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.01+20191006git52a8ebb+dfsg-1	-
bookworm	vulnerable	1.01+20221019git70cb339+dfsg-4	-
(unstable)	fixed	(unfixed)	unimportant

CVE-2025-45333 vulnerability details – vuln.today

Back

Abc CVE-2025-45333

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code