CVE-2025-5222

HIGH 7.0

Icu: stack buffer overflow in the srbroot::addtag function

CVSS Score

7.0

EPSS Score

0.0%

EPSS Percentile

0th

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

CWE	CWE-120
Published	May 27, 2025
Last Updated	Jan 22, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Red Hat / Red Hat Enterprise Linux 10

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

All versions affected

Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

All versions affected

Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support

All versions affected

Red Hat / Red Hat Enterprise Linux 6

All versions affected

Red Hat / Red Hat Enterprise Linux 7

All versions affected

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat OpenShift Container Platform 4

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/errata/RHSA-2025:11888 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:12083 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:12331 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:12332 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:12333 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-5222 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2368600 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html