Is there a public PoC exploit available for EUVD-2025-20759?

Yes, a public proof-of-concept exploit is available for EUVD-2025-20759. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-20759?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

EUVD-2025-20759

Q: What is the CVSS score of EUVD-2025-20759?

EUVD-2025-20759 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2025-7207 LOW

Buffer Overflow (CWE-119)

2025-07-09 cna@vuldb.com

Buffer Overflow

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

EUVD ID Assigned

Mar 16, 2026 - 06:20 euvd

EUVD-2025-20759

Analysis Generated

Mar 16, 2026 - 06:20 vuln.today

Patch released

Mar 16, 2026 - 06:20 nvd

Patch available

PoC Detected

Oct 01, 2025 - 20:32 vuln.today

Public exploit code

CVE Published

Jul 09, 2025 - 01:15 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

Analysis

Vendor StatusVendor

Ubuntu

Priority: Medium

mruby

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1109338

mruby

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	2.1.2-3	-
bookworm	vulnerable	3.1.0-3	-
trixie	vulnerable	3.3.0-1	-
forky, sid	fixed	3.4.0-2	-
(unstable)	fixed	3.4.0-2	-

EUVD-2025-20759 vulnerability details – vuln.today

Back

EUVD-2025-20759

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code