Vulnerability Description
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unicode | International Components For Unicode | < 77.1 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:11888Vendor Advisory
- https://access.redhat.com/errata/RHSA-2025:12083Vendor Advisory
- https://access.redhat.com/errata/RHSA-2025:12331Vendor Advisory
- https://access.redhat.com/errata/RHSA-2025:12332Vendor Advisory
- https://access.redhat.com/errata/RHSA-2025:12333Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-5222Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2368600Issue Tracking
- https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
- https://lists.debian.org/debian-lts-announce/2025/06/msg00015.htmlMailing List
FAQ
What is CVE-2025-5222?
CVE-2025-5222 is a vulnerability with a CVSS score of 7.0 (HIGH). A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to ...
How severe is CVE-2025-5222?
CVE-2025-5222 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5222?
Check the references section above for vendor advisories and patch information. Affected products include: Unicode International Components For Unicode.