CVE-2025-5643: Memory Corruption in Radare2
A vulnerability classified as problematic was found in Radare2 5.9.9. It affects the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. Manipulating the argument -T leads to memory corruption. The attack must be carried out locally. The attack complexity is rather high, and exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798, and applying it is recommended to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
AI Analysis
Technical Summary
CVE-2025-5643 is a memory corruption vulnerability identified in Radare2 version 5.9.9, specifically within the function cons_stack_load located in the /libr/cons/cons.c source file of the radiff2 component. The vulnerability arises from improper handling of the -T argument, which is documented as experimental and prone to crashes. When this argument is manipulated, it can lead to memory corruption. Exploitation requires local access to the system and is considered complex and difficult, with no user interaction needed but requiring low privileges. The vulnerability does not affect confidentiality, integrity, or availability in a significant manner, as indicated by its low CVSS score of 2.0 (CVSS 4.0 vector: AV:L/AC:H/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N). The exploit has been publicly disclosed, but its practical existence is questioned, and no known exploits are currently observed in the wild. A patch identified by commit 5705d99cc1f23f36f9a84aab26d1724010b97798 has been released to address this issue. Additional analysis notes that race conditions related to this vulnerability are not a concern unless AddressSanitizer (ASAN) is used. A warning has been added to the software to highlight the experimental and unstable nature of the -T parameter.
Potential Impact
For European organizations, the impact of this vulnerability is limited due to several factors. Radare2 is a reverse engineering framework primarily used by security researchers, malware analysts, and developers rather than general enterprise applications. The requirement for local access and the high complexity of exploitation reduce the risk of widespread attacks. The vulnerability does not compromise critical security properties such as confidentiality or integrity in a meaningful way, nor does it lead to denial of service or system-wide compromise. However, organizations relying on Radare2 for security analysis or development should be aware that exploitation could lead to application crashes or unstable behavior, potentially disrupting workflows. Since the vulnerability is tied to an experimental feature (-T argument), typical usage scenarios may not trigger the issue. Nonetheless, the presence of a public exploit disclosure means that targeted attackers with local access could attempt exploitation, emphasizing the need for patching in sensitive environments.
Mitigation Recommendations
To mitigate this vulnerability, European organizations using Radare2 5.9.9 should apply the official patch identified by commit 5705d99cc1f23f36f9a84aab26d1724010b97798 as soon as possible. Avoid using the experimental -T argument in radiff2 unless absolutely necessary, as it is known to be unstable and the root cause of this issue. Implement strict access controls to limit local access to systems running Radare2, reducing the attack surface. Employ monitoring to detect unusual local activity involving Radare2 usage. For environments using AddressSanitizer (ASAN), extra caution is advised since race conditions may be more problematic. Regularly update Radare2 to the latest stable versions to benefit from ongoing security improvements. Additionally, educate users about the risks of using experimental features and encourage adherence to best practices when handling security tools.
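One way to check the first two recommendations on a workstation or CI host, as an added example that is not part of the advisory or of the Radare2 project: it lists script lines that call radiff2 with -T and tests whether a source checkout contains the fix commit. The commit id and the -T flag come from the text above; the function names, the matching heuristic and the placeholder paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the radare2 project).
# From the page: the fix commit id and the radiff2 -T flag.
# Assumptions: function names and the line-matching heuristic below.

FIX_COMMIT=5705d99cc1f23f36f9a84aab26d1724010b97798

# Print "file:line:text" for every non-comment line under directory $1 that
# runs radiff2 with -T, either alone or inside a short-option cluster such
# as -AT. Matching stops at | ; & so flags of a later command in the same
# pipeline are not attributed to radiff2. Heuristic: a cluster in which T
# is really another option's value may be over-reported, and flags passed
# through variables or line continuations are not seen.
find_radiff2_T() {
    grep -rnE \
      '(^|[^[:alnum:]_])radiff2([[:space:]]+[^|;&]*)?[[:space:]]-[[:alnum:]]*T([[:space:]]|$)' \
      "$1" 2>/dev/null \
      | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
}

# Succeed only if the radare2 source checkout at $1 has the fix commit in
# the history of HEAD. Fails for non-repositories and for shallow clones
# that do not contain the commit object.
has_fix_commit() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null
}

# Usage (paths are placeholders):
#   find_radiff2_T ./ci-scripts
#   has_fix_commit ./radare2 && echo "fix present" || echo "fix not found"
```

A packaged binary carries no git history, so for distribution builds the package changelog is the place to confirm that the commit was included.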
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-04T12:11:08.161Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 684143a1182aa0cae2d37153
Added to database: 6/5/2025, 7:13:37 AM
Last enriched: 7/7/2025, 3:27:54 AM
Last updated: 8/3/2025, 8:25:56 PM