How to fix EUVD-2025-20759?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Is Ubuntu affected by EUVD-2025-20759?

CVE-2025-7207 is a low-severity vulnerability in mruby (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. A patch is available and can be applied during standard maintenance windows.

EUVD-2025-20759

| CVE-2025-7207 LOW

2025-07-09 [email protected]

3.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 06:20 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 06:20 euvd

EUVD-2025-20759

Patch Released

Mar 16, 2026 - 06:20 nvd

Patch available

PoC Detected

Oct 01, 2025 - 20:32 vuln.today

Public exploit code

CVE Published

Jul 09, 2025 - 01:15 nvd

LOW 3.3

Description

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

Analysis

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

Affected Products

Affected products: Mruby Mruby

Remediation

A vendor patch is available — apply it immediately. Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +16

POC: +20

Vendor Status

Ubuntu

Priority: Medium

mruby

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1109338

mruby

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	2.1.2-3	-
bookworm	vulnerable	3.1.0-3	-
trixie	vulnerable	3.3.0-1	-
forky, sid	fixed	3.4.0-2	-
(unstable)	fixed	3.4.0-2	-

EUVD-2025-20759 vulnerability details – vuln.today

Back

EUVD-2025-20759

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-20759

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code