Home > Vulnerability Database > CVE-2025-12875

Mend.io Vulnerability Database

CVE-2025-12875

Date: November 7, 2025

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue.

Severity Score

5.3

Related Resources (9)

Url: https://github.com/mruby/mruby/issues/6650#event-20443453808

Url: https://github.com/mruby/mruby/issues/6650

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-12875

Url: https://github.com/makesoftwaresafe/mruby/commit/93619f06dd378db6766666b30c08978311c7ec94

Url: https://vuldb.com/?submit.680879

Url: https://vuldb.com/?id.331511

Url: https://vuldb.com/?ctiid.331511

Url: https://github.com/mruby/mruby/issues/6650#issuecomment-3430851605

Url: https://www.mend.io/vulnerability-database/CVE-2025-12875

Severity Score

5.3

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-12875

Date: November 7, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?