CVE-2025-5222 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7 HIGH	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Affected Products (NVD)

Vendor	Product	Version
unicode	international_components_for_unicode	𝑥 < 77.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

icu

bookworm	72.1-3+deb12u1 fixed
bookworm (security)	72.1-3+deb12u1 fixed
bullseye	vulnerable
bullseye (security)	67.1-7+deb11u1 fixed
forky	78.3-2 fixed
sid	78.3-2 fixed
trixie	76.1-4 fixed

openSUSE / SLES Releases

openSUSE Product

Release

libicu-devel

suse enterprise desktop 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise desktop 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise server 12 SP5	52.1-8.16.1 fixed
suse enterprise server 15 SP2	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP3	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP4	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP5	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP7	65.1-150200.4.15.1 fixed

libicu-doc

suse enterprise server 12 SP3	52.1-8.16.1 fixed
suse enterprise server 12 SP5	52.1-8.16.1 fixed

libicu-suse65_1

suse enterprise desktop 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise desktop 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP2	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP3	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP4	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP5	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP7	65.1-150200.4.15.1 fixed

libicu-suse65_1-32bit

suse enterprise server 15 SP3

65.1-150200.4.15.1

fixed

libicu52_1

suse enterprise server 12 SP3	52.1-8.16.1 fixed
suse enterprise server 12 SP5	52.1-8.16.1 fixed

libicu52_1-32bit

suse enterprise server 12 SP3	52.1-8.16.1 fixed
suse enterprise server 12 SP5	52.1-8.16.1 fixed

libicu52_1-data

suse enterprise server 12 SP3	52.1-8.16.1 fixed
suse enterprise server 12 SP5	52.1-8.16.1 fixed

libicu60_2

suse enterprise desktop 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise desktop 15 SP7	60.2-150000.3.18.1 fixed
suse enterprise sap 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise sap 15 SP7	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP2	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP3	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP4	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP5	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP7	60.2-150000.3.18.1 fixed

libicu60_2-bedata

suse enterprise desktop 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise desktop 15 SP7	60.2-150000.3.18.1 fixed
suse enterprise sap 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise sap 15 SP7	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP3	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP4	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP5	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP7	60.2-150000.3.18.1 fixed

libicu60_2-ledata

suse enterprise desktop 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise desktop 15 SP7	60.2-150000.3.18.1 fixed
suse enterprise sap 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise sap 15 SP7	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP2	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP3	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP4	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP5	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP6	60.2-150000.3.18.1 fixed
suse enterprise server 15 SP7	60.2-150000.3.18.1 fixed

libicu65_1-bedata

suse enterprise desktop 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise desktop 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP3	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP4	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP5	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP7	65.1-150200.4.15.1 fixed

libicu65_1-ledata

suse enterprise desktop 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise desktop 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise sap 15 SP7	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP2	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP3	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP4	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP5	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP6	65.1-150200.4.15.1 fixed
suse enterprise server 15 SP7	65.1-150200.4.15.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

icu

RHEL 9

0:67.1-10.el9_6

fixed

libicu

RHEL 9

0:67.1-10.el9_6

fixed

libicu-devel

RHEL 9

0:67.1-10.el9_6

fixed

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://access.redhat.com/errata/RHSA-2025:11888

https://access.redhat.com/errata/RHSA-2025:12083

https://access.redhat.com/errata/RHSA-2025:12331

https://access.redhat.com/errata/RHSA-2025:12332

https://access.redhat.com/errata/RHSA-2025:12333

https://access.redhat.com/security/cve/CVE-2025-5222

https://bugzilla.redhat.com/show_bug.cgi?id=2368600

https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957

https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html