CVE-2025-5222: High Vulnerability in Unicode International Components for Unicode

A high-severity stack buffer overflow vulnerability in the Unicode International Components for Unicode (ICU) could lead to local arbitrary code execution. Organizations should prioritize immediate patching to mitigate potential threats.

HIGH · Public Exploit · CVSS 7 · Published May 27, 2025

CVE-2025-5222 describes a high-severity vulnerability affecting the Unicode International Components for Unicode (ICU). This vulnerability allows for a stack buffer overflow when the genrb binary is executed, specifically in the 'subtag' struct at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution, posing a significant threat to systems utilizing this component.

The CVSS score for this vulnerability is 7, categorizing it as high severity. It can be exploited locally, with high attack complexity, and requires user interaction. Even with those constraints, it represents a real risk to organizations that rely on ICU for their applications.

Given the potential for local arbitrary code execution, organizations should prioritize patching immediately. It is important to remain vigilant and assess the impact of this vulnerability in their systems.

This vulnerability has been categorized under CWE-120, which indicates an issue related to buffer management. The security community is currently analyzing this vulnerability, and it has been confirmed that an exploit is available.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
