CVE-2025-13120

MEDIUM 5.3

mruby array.c sort_cmp use after free

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.

CWE	CWE-416 CWE-119
Vendor	n/a
Product	mruby
Published	Nov 13, 2025
Last Updated	Mar 4, 2026

Stay Ahead of the Next One

Get instant alerts for n/a mruby

Be the first to know when new medium vulnerabilities affecting n/a mruby are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / mruby

3.0 3.1 3.2 3.3 3.4.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.332325 vuldb.com: https://vuldb.com/?ctiid.332325 vuldb.com: https://vuldb.com/?submit.683435 github.com: https://github.com/mruby/mruby/issues/6649 github.com: https://github.com/makesoftwaresafe/mruby/pull/263 github.com: https://github.com/mruby/mruby/issues/6649#issue-3534393003 github.com: https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc github.com: https://github.com/mruby/mruby/

Credits

🔍 tjbecker (VulDB User)