What is the CVSS score of CVE-2025-48752?

CVE-2025-48752 has a CVSS 3.1 base score of 2.9 (Low). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.2%.

Which versions of Process Sync are affected by CVE-2025-48752?

CVE-2025-48752 is a low-severity vulnerability (CVSS 2.9). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

Is there a public PoC exploit available for CVE-2025-48752?

Yes, a public proof-of-concept exploit is available for CVE-2025-48752. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-48752?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Process Sync CVE-2025-48752

LOW

Use After Free (CWE-416)

2025-05-24 cve@mitre.org

Use After Free Memory Corruption Information Disclosure Process Sync

2.9

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

2.9 LOW

AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:43 vuln.today

PoC Detected

Jan 30, 2026 - 21:22 vuln.today

Public exploit code

CVE Published

May 24, 2025 - 03:15 nvd

LOW 2.9

DescriptionCVE.org

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.

AnalysisAI

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. Affected products include: Forestryks Process-Sync.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2025-48752 vulnerability details – vuln.today

Back

Process Sync CVE-2025-48752

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code