Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7207

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

Published

2025-07-09T01:15:50.380

Last Modified

2025-10-01T20:32:54.307

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.1

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-119
CWE-122
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mruby	mruby	< 3.4.0	Yes
Application	mruby	mruby	3.4.0	Yes
Application	mruby	mruby	3.4.0	Yes

References

https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9 Patch ([email protected])
https://github.com/mruby/mruby/issues/6509 Exploit, Issue Tracking ([email protected])
https://github.com/mruby/mruby/issues/6509#event-17145516649 Exploit, Issue Tracking ([email protected])
https://github.com/user-attachments/files/19619499/mruby_crash.txt Exploit ([email protected])
https://vuldb.com/?ctiid.315156 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.315156 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.607683 Third Party Advisory, VDB Entry ([email protected])
https://github.com/mruby/mruby/issues/6509 Exploit, Issue Tracking (134c704f-9b21-4f2e-91b3-4a467353bcc0)