CVE-2025-1864

9.8 CRITICAL

📋 TL;DR

CVE-2025-1864 is a memory buffer overflow vulnerability in radare2, a reverse engineering framework. Attackers can exploit this to execute arbitrary code or cause denial of service. Users running radare2 versions before 5.9.9 are affected.

💻 Affected Systems

Products:
  • radareorg radare2
Versions: All versions before 5.9.9
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any configuration using radare2 to analyze untrusted binary files is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the radare2 process, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) or limited code execution within the radare2 process context.

🟢 If Mitigated

If radare2 runs with minimal privileges (non-root, sandboxed), impact is limited to the application environment.

🌐 Internet-Facing: LOW (radare2 is typically used locally for reverse engineering, not as an internet-facing service)
🏢 Internal Only: MEDIUM (internal users could exploit if they can supply malicious input files to radare2)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires feeding a specially crafted binary file to radare2. No authentication is needed if the user can supply input files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.9.9

Vendor Advisory: https://github.com/radareorg/radare2/pull/23981

Restart Required: No

Instructions:

1. Update radare2 to version 5.9.9 or later.
2. For package managers: 'sudo apt update && sudo apt upgrade radare2' (Debian/Ubuntu) or 'brew upgrade radare2' (macOS).
3. For source: git pull from the repository and rebuild.

🔧 Temporary Workarounds

Restrict file analysis (all platforms)

Only analyze trusted binary files with radare2 until patched.

Run with reduced privileges (Linux)

Execute radare2 as a non-root user with limited permissions:

sudo -u lowprivuser radare2 [file]

🧯 If You Can't Patch

  • Isolate radare2 usage to dedicated, non-critical systems
  • Implement strict file validation before feeding binaries to radare2

🔍 How to Verify

Check if Vulnerable:

Run 'r2 -v' and check if version is below 5.9.9

Check Version:

r2 -v | grep version

Verify Fix Applied:

Confirm version is 5.9.9 or higher with 'r2 -v'
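The version check above, scripted so it can run unattended across many hosts. This is an added example, not part of the advisory or the radare2 project; it assumes 'r2 -v' prints the version as the second word of its first line (the sample input below is constructed in that assumed shape) and compares it numerically against 5.9.9.

```shell
# Added example: decide whether an installed radare2 predates the 5.9.9 fix
# for CVE-2025-1864. Assumes `r2 -v` prints "radare2 X.Y.Z ..." on its first
# line (an assumption about the output format, not taken from the advisory).

FIXED_VERSION="5.9.9"

# extract_version: read `r2 -v` text on stdin, print the bare "X.Y.Z".
# Any suffix such as "-git" after the digits is dropped.
extract_version() {
    head -n 1 | awk '{print $2}' | sed 's/[^0-9.].*$//'
}

# version_lt A B: succeed (0) when dotted A is numerically below B; missing parts count as 0.
version_lt() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# r2_status: read `r2 -v` text on stdin and print one of
# "vulnerable X.Y.Z", "patched X.Y.Z" or "unknown". Always exits 0.
r2_status() {
    v=$(extract_version)
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# Constructed sample in the assumed `r2 -v` shape; only line 1 is parsed.
SAMPLE_OLD="radare2 5.9.8 0 @ linux-x86-64
commit: <placeholder>"

# Check the real binary when present, otherwise demonstrate on the sample.
if command -v r2 >/dev/null 2>&1; then
    r2 -v 2>/dev/null | r2_status
else
    printf '%s\n' "$SAMPLE_OLD" | r2_status
fi
```

Pipe the script's output into your inventory tooling; the comparison is purely numeric, so a 5.10.x build is correctly treated as newer than 5.9.9.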

📡 Detection & Monitoring

Log Indicators:

  • Radare2 process crashes
  • Segmentation fault errors in system logs

Network Indicators:

  • Unusual outbound connections from radare2 process (if exploited for C2)

SIEM Query:

process_name:"radare2" AND (event_type:"crash" OR exit_code:139)
