CVE-2025-5647 – Radare2 Memory Corruption Vulnerability in Radiff2 Component

Vulnerability

A memory corruption vulnerability has been identified in Radare2 version 5.9.9, specifically within the radiff2 component. The issue arises in the function 'r_cons_context_break_pop', located in the library '/libr/cons/cons.c'. The vulnerability is triggered by manipulating the experimental '-T' argument, leading to a double-free error. This issue can only be exploited locally, and while an exploit is publicly available, the vulnerability's existence is currently disputed.

Impact

Exploitation of this vulnerability causes a double-free error, which can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by compiling Radare2 with AddressSanitizer enabled, and then using the radiff2 tool with the '-T' option set to 'POC1' and 'POC2'.

Remediation

Users are advised to update to the patched version of Radare2, which is available on the project's GitHub repository.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Affected Products

Radare2

Easy fix2 remedies

cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*

Easy fix2 remedies

5.9.9

CVSS Scores

volerion

5.5

CVSS 4.0

5.5

Medium

volerion

6.2

CVSS 3.1

6.2

Medium

Vendor

2.0

CVSS 4.0

2.0

Low

Vendor

2.5

CVSS 3.1

2.5

Low

Click a row to open the calculator.

References

https://drive.google.com/file/d/16ApwSAKLDqm1qzJLe-uUZSCyy8HNG965/view?usp=sharing

ExploitPartial Content

https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798

Source CodeVendor

https://github.com/radareorg/radare2/issues/24237

ExploitIssue TrackingTechnical DescriptionVendor

https://github.com/radareorg/radare2/issues/24237#issuecomment-2918846137