
CVE-2025-13397: NULL Pointer Dereference in mrubyc

Severity: Medium
Tags: Vulnerability, CVE-2025-13397
Published: Wed Nov 19 2025 (11/19/2025, 15:32:08 UTC)
Source: CVE Database V5
Product: mrubyc

Description

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue.

AI-Powered Analysis

Last updated: 11/19/2025, 15:57:40 UTC

Technical Analysis

CVE-2025-13397 identifies a NULL pointer dereference vulnerability in the mrubyc project, specifically affecting versions 3.0 through 3.4. The flaw resides in the mrbc_raw_realloc function within the src/alloc.c source file, where improper handling of the pointer argument 'ptr' can lead to dereferencing a NULL pointer. This results in an application crash, causing a denial of service condition. The vulnerability requires local access with low privileges, meaning an attacker must have some level of local system interaction but does not require elevated privileges or user interaction. The vulnerability does not affect confidentiality or integrity but impacts availability by crashing the affected process. The patch identified by commit hash 009111904807b8567262036bf45297c3da8f1c87 addresses this issue. No known exploits have been reported in the wild, indicating limited active exploitation. Mrubyc is a lightweight Ruby interpreter designed for embedded systems and IoT devices, so the vulnerability primarily affects environments where mrubyc is embedded. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X) reflects a medium severity rating with local attack vector, low complexity, and no user interaction required.
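The bug class the analysis describes, as an added illustration that is not mrubyc's code: a hypothetical header-prefixed allocator whose realloc reads block metadata stored just before ptr, shown in an unguarded form that dereferences NULL when ptr is NULL and a guarded form that follows standard realloc semantics. The allocator layout, the names toy_alloc/toy_realloc_unguarded/toy_realloc_guarded and the crash mechanism are assumptions for illustration only; the real fix is the commit the advisory cites.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header-prefixed allocator, NOT mrubyc's src/alloc.c: it only
 * illustrates the bug class the advisory describes. */
typedef struct { size_t size; /* payload bytes that follow the header */ } block_hdr;

static void *toy_alloc(size_t size)             /* header + payload */
{
    block_hdr *h = malloc(sizeof(block_hdr) + size);
    if (h == NULL) return NULL;
    h->size = size;
    return h + 1;                               /* caller sees the payload only */
}

static void toy_free(void *ptr) { if (ptr != NULL) free((block_hdr *)ptr - 1); }

/* Unguarded form: trusts that a header sits just before ptr. With ptr == NULL
 * there is no header, the read of old->size faults, and the process dies
 * (the denial of service the advisory rates as the impact). */
static void *toy_realloc_unguarded(void *ptr, size_t size)
{
    block_hdr *old = (block_hdr *)ptr - 1;
    size_t copy = old->size < size ? old->size : size; /* NULL deref if ptr == NULL */
    void *n = toy_alloc(size);
    if (n == NULL) return NULL;
    memcpy(n, ptr, copy);
    toy_free(ptr);
    return n;
}

/* Hardened form: standard realloc semantics, so a NULL ptr is a fresh
 * allocation and a header is only read when one actually exists. */
static void *toy_realloc_guarded(void *ptr, size_t size)
{
    if (ptr == NULL) return toy_alloc(size);
    if (size == 0) { toy_free(ptr); return NULL; }
    return toy_realloc_unguarded(ptr, size);
}

/* Returns 1 when NULL input is accepted and data survives growth, else 0. */
static int demo(void)
{
    char *p = toy_realloc_guarded(NULL, 8);     /* would crash in the unguarded form */
    if (p == NULL) return 0;
    memcpy(p, "mrubyc", 7);
    p = toy_realloc_guarded(p, 64);
    int ok = (p != NULL && strcmp(p, "mrubyc") == 0);
    toy_free(p);
    return ok;
}
```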

Potential Impact

The primary impact of CVE-2025-13397 is a denial of service through application crashes caused by NULL pointer dereference. For European organizations, this can disrupt embedded systems or IoT devices running mrubyc, potentially affecting operational continuity in industrial automation, smart devices, or critical infrastructure components. While the vulnerability does not compromise data confidentiality or integrity, availability interruptions in embedded environments can have cascading effects, such as halting manufacturing lines or disabling safety monitoring systems. The requirement for local access limits remote exploitation risk but does not eliminate insider threats or risks from compromised local accounts. Given the growing adoption of embedded Ruby interpreters in European IoT deployments, the vulnerability could affect sectors including manufacturing, automotive, healthcare devices, and smart city infrastructure.

Mitigation Recommendations

To mitigate CVE-2025-13397, European organizations should promptly apply the patch identified by commit 009111904807b8567262036bf45297c3da8f1c87 to all affected mrubyc versions (3.0 through 3.4). Additionally, organizations should restrict local access to devices running mrubyc by enforcing strict access controls and monitoring for unauthorized local logins. Implementing host-based intrusion detection systems (HIDS) can help detect abnormal process crashes indicative of exploitation attempts. For embedded devices, ensure secure firmware update mechanisms are in place to deploy patches efficiently. Conduct thorough inventories to identify all devices running vulnerable mrubyc versions, including those in less visible IoT deployments. Finally, consider network segmentation to isolate critical embedded systems from general user networks, reducing the risk of local exploitation.


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-11-19T09:05:40.304Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 691de57d964c14ffeea48e3b

Added to database: 11/19/2025, 3:42:53 PM

Last enriched: 11/19/2025, 3:57:40 PM

Last updated: 11/19/2025, 4:54:03 PM