CVE-2025-12745
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-11-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12745
EUVD
EUVD-2025-37919
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
quickjs quickjs *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a weakness in QuickJS affecting the function js_array_buffer_slice in the file quickjs.c. It causes a buffer over-read, meaning the program reads more data than it should from a buffer, which can lead to unexpected behavior or information disclosure. The attack exploiting this vulnerability is limited to local execution, and a public exploit is available. A patch has been released to fix this issue.

Impact Analysis

The vulnerability can lead to buffer over-read, potentially causing information disclosure or corruption of data. Since the attack requires local access, an attacker with local privileges could exploit this to gain unauthorized access to sensitive information or disrupt the normal operation of the software. It may impact the confidentiality, integrity, and availability of the affected system.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to deploy the patch identified as c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. Since the attack requires local execution, limiting local access and applying the patch promptly are the immediate steps to take.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12745. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart