CVE-2025-12875: mruby array.c ary_fill_exec out-of-bounds write

Overview

Severity

Medium (CVSS 5.3)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Exploit Status

Not Exploited

Patch Tuesday

2025-Nov

Released

2025-11-11

Last Updated

2025-11-25

EPSS Score

0.01% (percentile: 1.8%)

Affected Products (5)

Open Source Software

• azl3 nghttp2 1.61.0-2 on Azure Linux 3.0
• cbl2 rust 1.72.0-11 on CBL Mariner 2.0
• azl3 rust 1.75.0-21 on Azure Linux 3.0
• azl3 rust 1.86.0-9 on Azure Linux 3.0
• cbl2 nghttp2 1.57.0-2 on CBL Mariner 2.0

Revision History

• 2025-11-11: Information published.
• 2025-11-25: Information published.