
CVE-2025-48060: CWE-121: Stack-based Buffer Overflow in jqlang jq

Severity: High
Tags: Vulnerability, CVE, CVE-2025-48060, CWE-121
Published: Wed May 21 2025 (05/21/2025, 17:32:43 UTC)
Source: CVE
Vendor/Project: jqlang
Product: jq

Description

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 13:28:44 UTC

Technical Analysis

CVE-2025-48060 is a high-severity stack-based buffer overflow vulnerability identified in the jq command-line JSON processor, specifically affecting versions up to and including 1.7.1. jq is widely used for parsing, filtering, and transforming JSON data in automation, scripting, and data processing workflows. The vulnerability arises in the function `jv_string_vfmt` within the jq_fuzz_execute harness, as discovered through fuzz testing by oss-fuzz. The flaw manifests as a heap-buffer-overflow triggered at the memory allocation call `void* p = malloc(sz);` in the source file jv.c at line 1456. This indicates that the function attempts to allocate memory based on a size parameter that can be manipulated to exceed intended bounds, leading to memory corruption. Such corruption can result in arbitrary code execution, application crashes, or denial of service. Notably, no patched versions are available at the time of publication, increasing the risk for users who rely on jq in their environments. The vulnerability has a CVSS 4.0 base score of 7.7, reflecting that it is exploitable over the network without authentication or user interaction and has a high impact on availability. The absence of known exploits in the wild suggests it is newly disclosed, but the ease of exploitation and jq's widespread use make it a critical concern for organizations processing JSON data at scale.

Potential Impact

For European organizations, the impact of CVE-2025-48060 can be significant due to jq's extensive use in automation pipelines, DevOps toolchains, and data processing tasks across industries such as finance, telecommunications, healthcare, and government. Exploitation could allow attackers to execute arbitrary code remotely or cause denial of service, disrupting critical services and data workflows. This could lead to operational downtime, data integrity issues, and potential lateral movement within networks if jq is used on servers or in containerized environments. Given jq's integration in many open-source and commercial tools, the vulnerability may propagate through supply chains, increasing exposure. Organizations handling sensitive or regulated data may face compliance risks if the vulnerability is exploited to compromise confidentiality or availability. The lack of a patch necessitates immediate risk mitigation to prevent exploitation, especially in environments where jq processes untrusted JSON inputs from external sources or automated feeds.

Mitigation Recommendations

Since no official patch is available, European organizations should implement the following specific mitigations:
1) Immediately audit all systems and pipelines to identify jq usage, including embedded jq instances in scripts, containers, and third-party tools.
2) Where feasible, temporarily disable or replace jq with alternative JSON processing tools that do not have this vulnerability, such as Python's jq bindings with patched versions or other JSON parsers.
3) Implement strict input validation and sanitization on JSON data processed by jq to reduce the risk of triggering the overflow.
4) Employ runtime protections such as memory corruption mitigations (e.g., Address Space Layout Randomization (ASLR), stack canaries, and Control Flow Integrity (CFI)) on hosts running jq.
5) Monitor logs and network traffic for anomalous behavior indicative of exploitation attempts, including unexpected crashes or malformed JSON inputs.
6) Prepare for rapid deployment of patches once they become available by tracking vendor advisories and community updates.
7) Limit jq execution privileges and isolate jq processes in sandboxed or containerized environments to minimize impact if exploited.
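An inventory script for steps 1 and 6, as an added example that is not from the advisory or the jq project: it walks PATH, runs each jq binary's `--version`, and flags builds at or below 1.7.1, the affected range the advisory states. The `jq-X.Y.Z` version-string format and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or jq): inventory jq binaries on PATH
# and flag builds at or below 1.7.1, the affected range stated above.
AFFECTED_MAX="1.7.1"

# Normalise `jq --version` output ("jq-1.7.1", "jq-1.6", "jq-1.7rc1") to
# "major.minor.patch" digits. Assumes the jq-X.Y.Z format; anything that
# cannot be parsed collapses to 0.0.0 so it is flagged conservatively.
normalize_jq_version() {
    printf '%s\n' "$1" | sed 's/^jq-//' | awk -F'[.]' '{
        for (i = 1; i <= 3; i++) {
            v = (i <= NF) ? $i : "0"
            sub(/[^0-9].*$/, "", v)      # "7rc1" -> "7"
            if (v == "") v = "0"
            out = (i == 1) ? v : out "." v
        }
        print out
    }'
}
# Exit 0 (true) when version $1 is <= AFFECTED_MAX, 1 otherwise.
jq_is_affected() {
    v=$(normalize_jq_version "$1")
    printf '%s %s\n' "$v" "$AFFECTED_MAX" | awk '{
        split($1, a, "[.]"); split($2, b, "[.]")
        for (i = 1; i <= 3; i++) {
            if (a[i] + 0 < b[i] + 0) exit 0   # older than cutoff: affected
            if (a[i] + 0 > b[i] + 0) exit 1   # newer than cutoff: not affected
        }
        exit 0                                # equal to cutoff: affected
    }'
}
# Walk PATH, query every jq found, and report one line per binary.
audit_jq_on_path() {
    found=0; oldifs=$IFS; IFS=:
    for dir in $PATH; do
        [ -x "$dir/jq" ] || continue
        found=1
        ver=$("$dir/jq" --version 2>/dev/null || echo unknown)
        if jq_is_affected "$ver"; then
            echo "AFFECTED  $dir/jq ($ver)"
        else
            echo "ok        $dir/jq ($ver)"
        fi
    done
    IFS=$oldifs
    [ "$found" -eq 1 ] || echo "no jq binary found on PATH"
}

audit_jq_on_path
```

Binaries whose version cannot be read are reported as AFFECTED on purpose, so that unidentifiable builds show up for manual follow-up rather than being silently skipped.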


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-15T16:06:40.940Z
CISA Enriched: false
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682e0f74c4522896dcc513dc

Added to database: 5/21/2025, 5:37:56 PM

Last enriched: 7/7/2025, 1:28:44 PM

Last updated: 8/21/2025, 7:41:15 AM
