CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/bellard/quickjs/commit/c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea
https://github.com/bellard/quickjs/issues/451
https://github.com/bellard/quickjs/issues/451#issue-3533698042
https://github.com/bellard/quickjs/issues/451#issuecomment-3481807558
https://vuldb.com/?ctiid.331268
https://vuldb.com/?id.331268
https://vuldb.com/?submit.678850
https://github.com/bellard/quickjs/issues/451
https://github.com/bellard/quickjs/issues/451#issue-3533698042
https://github.com/bellard/quickjs/issues/451#issuecomment-3481807558

Configurations

No configuration.

History

05 Nov 2025, 20:15

Type	Values Removed	Values Added
References	~~() https://github.com/bellard/quickjs/issues/451 -~~	() https://github.com/bellard/quickjs/issues/451 -
References	~~() https://github.com/bellard/quickjs/issues/451#issue-3533698042 -~~	() https://github.com/bellard/quickjs/issues/451#issue-3533698042 -
References	~~() https://github.com/bellard/quickjs/issues/451#issuecomment-3481807558 -~~	() https://github.com/bellard/quickjs/issues/451#issuecomment-3481807558 -

05 Nov 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-05 19:15

Updated : 2025-11-05 20:15

NVD link : CVE-2025-12745

Mitre link : CVE-2025-12745

CVE.ORG link : CVE-2025-12745

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-126

Buffer Over-read

5.3 /10