
CVE-2025-13397: NULL Pointer Dereference in mrubyc

Severity: Medium
Published: Wed Nov 19 2025 (11/19/2025, 15:32:08 UTC)
Source: CVE Database V5
Product: mrubyc

Description

A security vulnerability has been detected in mrubyc up to version 3.4. It affects the function mrbc_raw_realloc in the file src/alloc.c. Manipulation of the argument ptr leads to a null pointer dereference. The attack must be carried out locally. The patch is identified by commit 009111904807b8567262036bf45297c3da8f1c87. Applying the patch to correct this issue is advisable.

AI-Powered Analysis

Last updated: 11/26/2025, 16:03:26 UTC

Technical Analysis

CVE-2025-13397 identifies a null pointer dereference vulnerability in the mrubyc project, specifically in the mrbc_raw_realloc function located in src/alloc.c. Mrubyc is a lightweight Ruby interpreter designed for embedded systems and constrained environments. The vulnerability arises when the function mishandles its pointer argument ptr, leading to a null pointer dereference. This flaw can cause the application or system process using mrubyc to crash, resulting in a denial of service condition. Exploitation requires local access with low privileges (PR:L) and no user interaction, and it involves no authentication bypass, limiting the attack vector to local users or processes. The CVSS 4.0 base score of 4.8 reflects these constraints and the limited scope of impact, which primarily affects availability. No known exploits have been reported in the wild, and a patch identified by the commit hash 009111904807b8567262036bf45297c3da8f1c87 is available to remediate the issue. The vulnerability affects mrubyc versions 3.0 through 3.4 inclusive. Given mrubyc's role in embedded and IoT devices, the vulnerability could impact systems relying on this interpreter for scripting or automation tasks, potentially causing service interruptions or system instability.
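To make the bug class concrete, the following is an added illustration and not code from mrubyc's src/alloc.c: a hypothetical custom allocator whose realloc reads a block header stored just before ptr. The unguarded variant dereferences that header before checking ptr, so a NULL argument crashes the process; the guarded variant treats NULL as a fresh allocation, which is one defensive shape an auditor would look for in any realloc-style wrapper.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical header for a tiny custom allocator. Illustrates the bug
 * class only; this is not mrubyc's src/alloc.c. */
typedef struct { size_t size; } block_header;   /* usable bytes after header */

#define HEADER_OF(p) ((block_header *)((char *)(p) - sizeof(block_header)))

static void *raw_alloc(size_t size)
{
    block_header *h = malloc(sizeof(*h) + size);
    if (h == NULL) return NULL;
    h->size = size;
    return (char *)h + sizeof(*h);
}

static void raw_free(void *ptr)
{
    if (ptr != NULL) free(HEADER_OF(ptr));
}

/* Unguarded: reads the header behind ptr before checking it. With
 * ptr == NULL the read of old->size dereferences a near-zero address. */
static void *raw_realloc_unguarded(void *ptr, size_t size)
{
    block_header *old = HEADER_OF(ptr);
    size_t copy = old->size < size ? old->size : size;  /* crashes on NULL */
    void *p = raw_alloc(size);
    if (p == NULL) return NULL;
    memcpy(p, ptr, copy);
    raw_free(ptr);
    return p;
}

/* Hardened: a NULL ptr means "allocate fresh", as realloc(NULL, n) does. */
static void *raw_realloc_guarded(void *ptr, size_t size)
{
    if (ptr == NULL) return raw_alloc(size);
    block_header *old = HEADER_OF(ptr);
    size_t copy = old->size < size ? old->size : size;
    void *p = raw_alloc(size);
    if (p == NULL) return NULL;
    memcpy(p, ptr, copy);
    raw_free(ptr);
    return p;
}

/* Usable size recorded for a block; 0 for NULL. */
static size_t raw_block_size(const void *ptr) { return ptr ? HEADER_OF(ptr)->size : 0; }
```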

Potential Impact

For European organizations, the primary impact of CVE-2025-13397 is the risk of denial of service on devices or systems running vulnerable versions of mrubyc. This could disrupt operations in environments where mrubyc is embedded, such as IoT devices, industrial control systems, or specialized automation equipment. Although the vulnerability does not allow privilege escalation or remote code execution, the resulting crashes could lead to downtime, impacting availability and operational continuity. Organizations in sectors with heavy reliance on embedded systems, such as manufacturing, automotive, and telecommunications, may face increased risk. Additionally, service providers utilizing mrubyc in their infrastructure could experience localized outages if the vulnerability is exploited by an insider or a compromised local user. The limited attack vector reduces the likelihood of widespread exploitation but does not eliminate the risk of targeted local attacks or accidental crashes due to malformed inputs.

Mitigation Recommendations

European organizations should prioritize applying the official patch identified by commit 009111904807b8567262036bf45297c3da8f1c87 to all affected mrubyc versions (3.0 to 3.4). In environments where patching is delayed, implement strict access controls to limit local user privileges and restrict access to systems running mrubyc to trusted personnel only. Employ monitoring and alerting for abnormal process crashes or system instability that could indicate exploitation attempts. Conduct code audits and testing for any custom scripts or integrations using mrubyc to ensure they do not inadvertently trigger the vulnerability. For embedded devices, coordinate with vendors to ensure firmware updates include the patched mrubyc version. Additionally, consider isolating critical embedded systems from general user environments to reduce the risk of local exploitation. Regularly review and update security policies governing local access and privilege management to minimize the attack surface.


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-11-19T09:05:40.304Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 691de57d964c14ffeea48e3b
Added to database: 11/19/2025, 3:42:53 PM
Last enriched: 11/26/2025, 4:03:26 PM
Last updated: 1/7/2026, 9:54:03 AM
