
CVE-2025-63745: n/a

Medium
Published: Fri Nov 14 2025 (11/14/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-63745 is a medium severity NULL pointer dereference vulnerability in radare2 version 6.0.5 and earlier, specifically in the info() function of bin_ne.c. When processing a crafted malformed binary input, the vulnerability triggers a segmentation fault, causing a denial of service (DoS) by crashing the tool. Exploitation requires local access and user interaction, as the attacker must supply the malformed binary to the tool. There is no impact on confidentiality or integrity, only availability. No known exploits are currently reported in the wild. The vulnerability affects users of radare2, a reverse engineering framework commonly used by security researchers and malware analysts. European organizations relying on radare2 for binary analysis could experience disruption in their workflows if targeted.

AI-Powered Analysis

Last updated: 11/21/2025, 21:55:28 UTC

Technical Analysis

CVE-2025-63745 identifies a NULL pointer dereference vulnerability in radare2, an open-source reverse engineering tool widely used for binary analysis. The flaw exists in the info() function within the bin_ne.c source file in versions 6.0.5 and earlier. When radare2 processes a specially crafted malformed binary file, the function attempts to dereference a NULL pointer, causing a segmentation fault that crashes the application. This results in a denial of service condition, disrupting the availability of the tool for legitimate users. The vulnerability requires local access since the attacker must provide the malformed binary file to the tool, and user interaction is necessary to trigger the fault. There is no evidence of confidentiality or integrity compromise, as the issue solely impacts availability. No public exploits have been reported, and no patches are currently linked, indicating that remediation may require manual intervention or waiting for an official update. The vulnerability is classified under CWE-476 (NULL Pointer Dereference), a common programming error that can lead to application crashes. Given radare2’s role in malware analysis, reverse engineering, and security research, this vulnerability could hinder incident response and forensic investigations if exploited. The CVSS v3.1 base score of 5.5 reflects a medium severity rating, considering the local attack vector, low complexity, no privileges required, user interaction needed, and impact limited to availability.

Potential Impact

For European organizations, the primary impact of CVE-2025-63745 is the potential disruption of reverse engineering and malware analysis workflows that rely on radare2. Security teams, incident responders, and researchers using this tool may experience denial of service conditions when processing malformed binaries, delaying threat analysis and response times. This could indirectly affect the overall security posture by slowing down detection and mitigation of advanced threats. Organizations involved in software security audits, vulnerability research, and digital forensics may also face operational interruptions. However, since the vulnerability does not compromise confidentiality or integrity, the direct risk of data breach or system compromise is low. The impact is mostly operational and affects availability of a specialized tool rather than critical infrastructure. Nonetheless, in environments where radare2 is integrated into automated pipelines or used extensively, repeated crashes could degrade productivity and increase the risk of missing critical security insights.

Mitigation Recommendations

To mitigate CVE-2025-63745, organizations should first monitor for official patches or updates from the radare2 development team and apply them promptly once available. In the absence of an official patch, users can review and modify the source code of the info() function in bin_ne.c to add proper NULL pointer checks before dereferencing, preventing segmentation faults. Employing input validation and sanitization on binary files before analysis can reduce the risk of triggering the vulnerability. Additionally, running radare2 in isolated or sandboxed environments can contain potential crashes and prevent broader system impact. Security teams should also train users to recognize and avoid processing suspicious or malformed binaries unnecessarily. Incorporating fallback mechanisms or alternative tools for binary analysis can ensure continuity of operations if radare2 becomes unavailable due to exploitation of this vulnerability. Finally, maintaining robust incident response procedures will help quickly address any disruptions caused by denial of service conditions.
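One way to apply the isolation and fallback recommendations in an automated pipeline, as an added example that is not code from radare2 or from this advisory: each sample is parsed in a child process with core dumps disabled and CPU time capped, and a signal-terminated run (such as SIGSEGV) quarantines that input instead of stopping the batch. It assumes `rabin2 -I` is the binary-info command available on PATH; the function names and limits are illustrative.

```python
import resource
import signal
import subprocess
import sys

# Assumption: rabin2 (installed with radare2) is on PATH; -I prints binary info.
DEFAULT_CMD = ["rabin2", "-I"]
CPU_SECONDS = 20  # illustrative limit, tune for your pipeline

def _child_limits():
    """Runs in the child before exec: no core dumps, bounded CPU time."""
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    _, hard = resource.getrlimit(resource.RLIMIT_CPU)
    soft = CPU_SECONDS if hard == resource.RLIM_INFINITY else min(CPU_SECONDS, hard)
    resource.setrlimit(resource.RLIMIT_CPU, (soft, hard))

def analyze(sample, cmd=DEFAULT_CMD, timeout=30):
    """Parse one sample in a separate process and classify how the parser ended."""
    result = {"sample": sample, "status": "ok", "signal": None, "output": ""}
    try:
        proc = subprocess.run([*cmd, sample], capture_output=True, text=True,
                              errors="replace", timeout=timeout,
                              preexec_fn=_child_limits)
    except subprocess.TimeoutExpired:
        result["status"] = "timeout"
        return result
    except FileNotFoundError:
        result["status"] = "tool-missing"
        return result
    result["output"] = proc.stdout
    if proc.returncode < 0:  # negative return code: child was killed by a signal
        result["status"] = "crashed"
        result["signal"] = signal.Signals(-proc.returncode).name
    elif proc.returncode != 0:
        result["status"] = "error"
    return result

def triage(samples, cmd=DEFAULT_CMD):
    """Analyze every sample; a crash sets that input aside instead of ending the batch."""
    results = [analyze(s, cmd) for s in samples]
    quarantine = [r["sample"] for r in results if r["status"] in ("crashed", "timeout")]
    return results, quarantine

if __name__ == "__main__":
    _, held = triage(sys.argv[1:])
    for path in held:
        print(f"quarantine for manual review or a fallback tool: {path}")
```

Logging the `signal` field per sample also gives detection a cheap indicator: a cluster of SIGSEGV results from one source of binaries is worth reviewing before those files reach an analyst's workstation.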


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6917984270bcf5e35c4ad930

Added to database: 11/14/2025, 8:59:46 PM

Last enriched: 11/21/2025, 9:55:28 PM

Last updated: 12/30/2025, 3:26:51 AM
