CVE-2025-11010

EUVD-2025-31332
A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
vstakhovlibucl
0.9.0
CNA
vstakhovlibucl
0.9.1
CNA
vstakhovlibucl
0.9.2
CNA
Common Weakness Enumeration
References
https://github.com/user-attachments/files/22317650/poc.zip
https://github.com/vstakhov/libucl/issues/337
https://vuldb.com/?ctiid.325953
https://vuldb.com/?id.325953
https://vuldb.com/?submit.654068