CVE-2025-13120

5.3 MEDIUM

📋 TL;DR

This CVE describes a use-after-free vulnerability in mruby's sort_cmp function that could allow local attackers to execute arbitrary code or cause a denial of service. The vulnerability affects mruby versions up to and including 3.4.0. Systems running a vulnerable mruby version are at risk if untrusted users have local access.

💻 Affected Systems

Products:
  • mruby
Versions: All versions up to and including 3.4.0
Operating Systems: All operating systems running mruby
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where mruby is installed and used. The vulnerability requires local access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise, arbitrary code execution, or persistent backdoor installation.

🟠 Likely Case: Denial of service through application crashes or limited privilege escalation within the mruby context.

🟢 If Mitigated: Minimal impact if proper access controls prevent untrusted local users from executing mruby code.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring attacker access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but exploitation requires specific conditions to be useful.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and knowledge of the system. The vulnerability has been publicly disclosed with technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit eb398971bfb43c38db3e04528b68ac9a7ce509bc

Vendor Advisory: https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc

Restart Required: Yes

Instructions:

1. Update mruby to a version containing commit eb398971bfb43c38db3e04528b68ac9a7ce509bc
2. Recompile any applications using mruby
3. Restart affected services

🔧 Temporary Workarounds

Restrict local access (applies to: all): Limit local user access to systems running vulnerable mruby versions.

Disable unnecessary mruby functionality (applies to: all): If possible, disable or restrict array sorting functionality in mruby.

🧯 If You Can't Patch

  • Implement strict access controls to prevent untrusted local users from executing mruby code
  • Monitor systems for unusual process behavior or crashes related to mruby execution

🔍 How to Verify

Check if Vulnerable:

Check mruby version with 'mruby --version' or examine installed packages. Versions <= 3.4.0 are vulnerable.

Check Version:

mruby --version

Verify Fix Applied:

Verify that the installed build's history contains commit eb398971bfb43c38db3e04528b68ac9a7ce509bc, or check that the version is > 3.4.0.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in mruby processes
  • Unexpected process termination of mruby applications
  • Unusual memory access patterns

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process termination events for mruby executables OR segmentation fault errors containing 'mruby'
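The version check from "How to Verify" and the crash-indicator scan from "Detection & Monitoring", combined in one POSIX shell script as an added example (not part of this advisory or of the mruby project). The log lines it scans are constructed samples, and `mruby --version` output is assumed to contain a dotted version number.

```shell
#!/bin/sh
# Added example: triage a host against the affected range (<= 3.4.0) and
# count the advisory's crash indicators in a log. Sample log lines are constructed.

version_key() {
  # Map a dotted version such as 3.4.0 to 3004000 so versions compare numerically.
  IFS=. read -r major minor patch <<EOF
$1
EOF
  echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

mruby_version_vulnerable() {
  # $1: raw `mruby --version` output. Returns 0 when the version is <= 3.4.0
  # (the affected range), 1 when newer, 2 when no version can be parsed.
  # Caveat: a 3.4.0 build rebuilt with the fix commit still reports 3.4.0;
  # the advisory's commit-hash check is the authoritative test in that case.
  ver=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1)
  [ -n "$ver" ] || return 2
  [ "$(version_key "$ver")" -le "$(version_key 3.4.0)" ]
}

write_sample_log() {
  # Constructed syslog-style lines standing in for a host's system log.
  cat > "$1" <<'EOF'
Mar  3 10:01:12 host kernel: mruby[4211]: segfault at 0 ip 0000... sp 0000... error 4 in mruby
Mar  3 10:01:13 host systemd[1]: app-mruby.service: Main process exited, code=killed, status=11/SEGV
Mar  3 10:02:00 host sshd[999]: Accepted publickey for ops from 10.0.0.5 port 50122
Mar  3 10:05:44 host kernel: mruby[4300]: segfault at 10 ip 0000... sp 0000... error 4 in libmruby.so
EOF
}

count_mruby_crashes() {
  # $1: log file. Counts the advisory's indicators: segfaults or SIGSEGV/signal-11
  # terminations on lines that also name mruby (mirrors the SIEM query above).
  grep -ciE 'mruby.*(segfault|sigsegv|status=11|signal 11|core dumped)' "$1" || true
}

main() {
  out=$(mruby --version 2>/dev/null) || out=""
  if [ -z "$out" ]; then echo "mruby not found on PATH"
  elif mruby_version_vulnerable "$out"; then echo "AFFECTED RANGE (<= 3.4.0): $out"
  else echo "outside affected range: $out"; fi
  log=$(mktemp); write_sample_log "$log"
  echo "mruby crash indicators in sample log: $(count_mruby_crashes "$log")"
  rm -f "$log"
}
main "$@"
```

Point `count_mruby_crashes` at a real system log to turn the SIEM query into a quick host-side check; the version check is only a first filter and does not replace confirming the fix commit.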
