What is the CVSS score of CVE-2025-5916?

CVE-2025-5916 has a CVSS 3.1 base score of 3.9 (Low). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Ubuntu are affected by CVE-2025-5916?

CVE-2025-5916 is a low-severity vulnerability in A vulnerability involving integer overflow (CVSS 3.9).. A patch is available.

How to fix or mitigate CVE-2025-5916?

During next maintenance window: Apply vendor patches when convenient. Verify integer overflow controls are in place.

Ubuntu CVE-2025-5916

EUVD-2025-17575 LOW

Integer Overflow or Wraparound (CWE-190)

2025-06-09 secalert@redhat.com

Buffer Overflow Integer Overflow Debian Ubuntu

3.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17575

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

Patch released

Mar 14, 2026 - 19:21 nvd

Patch available

CVE Published

Jun 09, 2025 - 20:15 nvd

LOW 3.9

DescriptionNVD

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Analysis

Technical ContextAI

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

RemediationAI

A vendor patch is available — apply it immediately. Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

More from same product – last 7 days

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

CVE-2026-45924 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on s

CVE-2026-45965 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when export_

Vendor StatusVendor

Ubuntu

Priority: Medium

libarchive

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
upstream	needs-triage	-
jammy	released	3.6.0-1ubuntu1.5
noble	released	3.7.2-2ubuntu0.5
oracular	released	3.7.4-1ubuntu0.3
plucky	released	3.7.7-0ubuntu2.3
questing	released	3.7.7-0ubuntu3

USN-7601-1

Debian

Bug #1107623

libarchive

Release	Status	Fixed Version	Urgency
bullseye	fixed	3.4.3-2+deb11u3	-
bullseye (security)	fixed	3.4.3-2+deb11u3	-
bookworm	fixed	3.6.2-1+deb12u3	-
bookworm (security)	vulnerable	3.6.2-1+deb12u2	-
trixie	fixed	3.7.4-4	-
forky, sid	fixed	3.8.5-1	-
(unstable)	fixed	3.7.4-4	-

DLA-4368-1

CVE-2025-5916 vulnerability details – vuln.today

Back

Ubuntu CVE-2025-5916

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code