Vulnerability Description
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mruby | Mruby | < 3.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9Patch
- https://github.com/mruby/mruby/issues/6509ExploitIssue Tracking
- https://github.com/mruby/mruby/issues/6509#event-17145516649ExploitIssue Tracking
- https://github.com/user-attachments/files/19619499/mruby_crash.txtExploit
- https://vuldb.com/?ctiid.315156Permissions RequiredVDB Entry
- https://vuldb.com/?id.315156Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.607683Third Party AdvisoryVDB Entry
- https://github.com/mruby/mruby/issues/6509ExploitIssue Tracking
FAQ
What is CVE-2025-7207?
CVE-2025-7207 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Ha...
How severe is CVE-2025-7207?
CVE-2025-7207 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-7207?
Check the references section above for vendor advisories and patch information. Affected products include: Mruby Mruby.