CVE-2025-7207

| EUVD-2025-20759 LOW
2025-07-09 [email protected]
3.3
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

5
Analysis Generated
Mar 16, 2026 - 06:20 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 06:20 euvd
EUVD-2025-20759
Patch Released
Mar 16, 2026 - 06:20 nvd
Patch available
PoC Detected
Oct 01, 2025 - 20:32 vuln.today
Public exploit code
CVE Published
Jul 09, 2025 - 01:15 nvd
LOW 3.3

Tags

Buffer Overflow Ubuntu Debian

Description

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

Analysis

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

Affected Products

Affected products: Mruby Mruby

Remediation

A vendor patch is available — apply it immediately. Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +16
POC: +20

Vendor Status

Ubuntu

Priority: Medium
mruby
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
questing needs-triage -

Debian

Bug #1109338
mruby
Release Status Fixed Version Urgency
bullseye vulnerable 2.1.2-3 -
bookworm vulnerable 3.1.0-3 -
trixie vulnerable 3.3.0-1 -
forky, sid fixed 3.4.0-2 -
(unstable) fixed 3.4.0-2 -

Share

CVE-2025-7207 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy