Home > Vulnerability Database > CVE-2025-12875

Mend.io Vulnerability Database

CVE-2025-12875

Good to know:

Date: November 7, 2025

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue.

Severity Score

7.5

Related Resources (9)

Url: https://github.com/mruby/mruby/issues/6650#event-20443453808

Url: https://github.com/mruby/mruby/issues/6650

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-12875

Url: https://github.com/makesoftwaresafe/mruby/commit/93619f06dd378db6766666b30c08978311c7ec94

Url: https://vuldb.com/?submit.680879

Url: https://vuldb.com/?id.331511

Url: https://vuldb.com/?ctiid.331511

Url: https://github.com/mruby/mruby/issues/6650#issuecomment-3430851605

Url: https://www.mend.io/vulnerability-database/CVE-2025-12875

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-12875

Good to know:

Date: November 7, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?