CVE-2025-12745
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-11-05
EPSS Evaluated
2026-05-05
NVD
CVE-2025-12745
EUVD
EUVD-2025-37919
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
quickjs quickjs *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a weakness in QuickJS affecting the function js_array_buffer_slice in the file quickjs.c. It causes a buffer over-read, meaning the program reads more data than it should from a buffer, which can lead to unexpected behavior or information disclosure. The attack exploiting this vulnerability is limited to local execution, and a public exploit is available. A patch has been released to fix this issue.


How can this vulnerability impact me? :

The vulnerability can lead to buffer over-read, potentially causing information disclosure or corruption of data. Since the attack requires local access, an attacker with local privileges could exploit this to gain unauthorized access to sensitive information or disrupt the normal operation of the software. It may impact the confidentiality, integrity, and availability of the affected system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, it is recommended to deploy the patch identified as c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. Since the attack requires local execution, limiting local access and applying the patch promptly are the immediate steps to take.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart