CVE-2025-48637: In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Status

Not Exploited

Patch Tuesday

2025-Dec

Released

2026-01-09

Last Updated

2026-02-21

EPSS Score

0.01% (percentile: 2.2%)

Affected Products (3)

Other

• 20808-17084
• 20921-17084
• 20809-17086

Revision History

• 2026-01-09: Information published.
• 2026-01-13: Information published.
• 2026-02-21: Information published.