What is the CVSS score of CVE-2025-5641?

CVE-2025-5641 has a CVSS 3.1 base score of 2.5 (Low). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Ubuntu are affected by CVE-2025-5641?

CVE-2025-5641 is a low-severity vulnerability in A vulnerability (CVSS 2.5). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…. A patch is available.

Is there a public PoC exploit available for CVE-2025-5641?

Yes, a public proof-of-concept exploit is available for CVE-2025-5641. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-5641?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Ubuntu CVE-2025-5641

EUVD-2025-16973 LOW

Buffer Overflow (CWE-119)

2025-06-05 cna@vuldb.com

Buffer Overflow Ubuntu Debian

2.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

2.5 LOW

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:53 euvd

EUVD-2025-16973

Analysis Generated

Mar 14, 2026 - 17:53 vuln.today

Patch released

Mar 14, 2026 - 17:53 nvd

Patch available

PoC Detected

Jun 23, 2025 - 14:37 vuln.today

Public exploit code

CVE Published

Jun 05, 2025 - 07:15 nvd

LOW 2.5

DescriptionCVE.org

A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.

Analysis

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

RemediationAI

A vendor patch is available — apply it immediately. Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Vendor StatusVendor

Ubuntu

Priority: Medium

radare2

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	DNE	-
noble	needs-triage	-
upstream	needs-triage	-
plucky	ignored	end of life, was needs-triage
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1107316

radare2

Release	Status	Fixed Version	Urgency
sid	fixed	6.0.7+ds-1	-
experimental	fixed	6.0.2+dfsg-1	-
(unstable)	fixed	6.0.4+dfsg-1	-

CVE-2025-5641 vulnerability details – vuln.today

Back

Ubuntu CVE-2025-5641

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code