Vulnerability Description
An issue was discovered in Cista v0.15 and below. Under certain conditions, insecure deserialization of untrusted input may leak stack/heap addresses, which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering: Cista does not perform sufficient checks to safeguard against self-referencing pointers or pointers that reference other data within the payload. The leak occurs if the deserialized values are observable by the attacker.
CVSS Score
5.3 (MEDIUM)
Related Weaknesses (CWE)
References
- http://cista.com
- https://gist.github.com/TrebledJ/66cc0ed37bdb3e70ce0ef98396790771
FAQ
What is CVE-2025-60887?
CVE-2025-60887 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Cla...
How severe is CVE-2025-60887?
CVE-2025-60887 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-60887?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.