PT-2025-23037 · Debian+7

Published: 2024-11-14 · Updated: 2026-03-01 · CVE-2025-5222

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

icu (affected versions not specified)
Debian Linux (affected versions not specified)

Description

A stack buffer overflow was discovered in the International Components for Unicode (ICU). The issue occurs when running the genrb binary and causes the 'subtag' struct to overflow in the SRBRoot::addTag function. This may result in memory corruption and potentially allow local arbitrary code execution.

Recommendations

For icu, there is currently no information about a newer version that contains a fix for this vulnerability.
For Debian Linux, there is currently no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:11888
ALSA-2025:12083
AZL-66147
AZL-66156
AZL-69692
AZL-69706
BDU:2025-10931
CVE-2025-5222
DLA-4217-1
DSA-5951-1
ECHO-DA2B-993E-93AC
INFSA-2025_12083
MGASA-2025-0249
OESA-2025-1982
OPENSUSE-SU-2025:15230-1
RHSA-2025:11888
RHSA-2025:12083
RHSA-2025:12331
RHSA-2025:12332
RHSA-2025:12333
RHSA-2025_12083
SUSE-SU-2025:02059-1
SUSE-SU-2025:02079-1
SUSE-SU-2025:02216-1
SUSE-SU-2025_02059-1
SUSE-SU-2025_02079-1
SUSE-SU-2025_02216-1

Affected Products

Almalinux
Astra Linux
Debian
Red Hat
Red Os
Rocky Linux
Suse
Icu