How to fix CVE-2025-58050?

Within 7 days: Identify affected systems and apply vendor patches promptly. Vendor patch is available.

Is Heap Overflow affected by CVE-2025-58050?

Organizations using PCRE2 library should be aware of notable risk from CVE-2025-58050, a heap-based buffer overflow vulnerability rated CVSS 6.9. Exploitation could cause memory corruption or application crashes. Proof-of-concept code is publicly available.

CVE-2025-58050

MEDIUM

2025-08-27 [email protected]

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:09 vuln.today

Patch Released

Mar 28, 2026 - 19:09 nvd

Patch available

PoC Detected

Sep 09, 2025 - 15:27 vuln.today

Public exploit code

CVE Published

Aug 27, 2025 - 19:15 nvd

MEDIUM 6.9

Description

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.

Analysis

The PCRE2 library is a set of C functions that implement regular expression pattern matching. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical Context

This vulnerability is classified under CWE-122. The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46. Affected products include: Pcre Pcre2. Version information: version 10.45.

Affected Products

Pcre Pcre2.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +34

POC: +20

Vendor Status

CVE-2025-58050 vulnerability details – vuln.today

Back

CVE-2025-58050

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-58050

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code