CVE-2025-5222

7.0 HIGH

📋 TL;DR

A stack buffer overflow in International Components for Unicode (ICU) is triggered when the genrb tool compiles a crafted resource bundle source file. It allows arbitrary code execution in the security context of whichever user or job invokes genrb. Only systems that ship the genrb binary and use it to process input from untrusted sources are exposed; the attacker needs local access, or some other way to get their file compiled by genrb, because the tool is not reachable over the network.

💻 Affected Systems

Products:
  • International Components for Unicode (ICU)
  • Red Hat Enterprise Linux
  • Applications using vulnerable ICU libraries
Versions: ICU releases prior to the fix; the exact affected and fixed package versions are listed in the Red Hat advisories
Operating Systems: Linux distributions including RHEL, CentOS and Fedora; potentially other Unix-like systems that package the ICU tools
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable if the genrb binary is present and reachable by an attacker-influenced invocation. The overflow is in the tool, not in the shared library, so hosts that only carry the runtime libraries (on RHEL the libicu package) and not the developer tools (the icu package, which owns /usr/bin/genrb) are not exposed.

📦 What is this software?

International Components for Unicode (ICU) is a widely used C/C++ (and Java) library that provides Unicode and globalization support: collation, date/number formatting, character set conversion and locale data. Locale data is stored in resource bundles, and genrb is the ICU build tool that compiles resource bundle source text files into the binary .res files the library loads at runtime. genrb ships as a developer tool next to the library and is normally invoked by build systems and packaging scripts, not by services at runtime, and it is not installed setuid.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A privileged user, root-run packaging script or CI build job compiles attacker-supplied resource files with genrb; the resulting code execution runs with that job's privileges, giving privilege escalation and potentially full system compromise.

🟠

Likely Case

A low-privileged local user triggers the overflow in a genrb process running as themselves. Because genrb is not setuid, that alone gains nothing beyond a crash or code execution as the same user; escalation happens only if the user can get a more privileged principal to run genrb on their input.

🟢

If Mitigated

Attack fails because the patched genrb bounds-checks the offending input, because stack protections (stack canaries, NX, ASLR) turn the overflow into a plain crash, or because no untrusted party can get input into a genrb invocation on the host.

🌐 Internet-Facing: LOW - Requires local access to the system; genrb is a command-line build tool and is not exposed over the network.
🏢 Internal Only: MEDIUM - Internal users who can place files where a privileged build or packaging job compiles them with genrb can use this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and a way to feed a crafted resource bundle source file to a genrb invocation; turning the stack overflow into reliable code execution rather than a crash requires working around stack canaries, NX and ASLR on the target build.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific Red Hat advisories for version numbers

Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:11888

Restart Required: Not for genrb itself, which is a standalone tool and picks up the fix on its next invocation; long-running processes that have the old ICU shared libraries mapped keep using them until restarted, so restart those if the advisory also updates libicu.

Instructions:

1. Identify the installed ICU packages and which one owns genrb: rpm -qa | grep -i icu ; rpm -qf /usr/bin/genrb
2. Update the packages: dnf update icu libicu (yum is an alias for dnf on RHEL 8 and later)
3. Restart any long-running services that link the ICU shared libraries
4. Verify the update: rpm -q --changelog icu | grep CVE-2025-5222 (a match means the fix is in the installed package)

🔧 Temporary Workarounds

Restrict access to genrb

linux

Take away execute permission for everyone if the tool is not required. Do not delete the file and then chmod it: the second command has nothing to act on, and a removed rpm-owned binary is simply reinstalled by the next package update. rpm -V icu will report the mode change, and a later package update restores the original permissions, which is fine once that update carries the fix.

chmod 000 /usr/bin/genrb

Restrict binary permissions

linux

If a build group legitimately needs the tool, limit execution to that group instead (trustedgroup is a placeholder for your own group name)

chown root:trustedgroup /usr/bin/genrb
chmod 750 /usr/bin/genrb

🧯 If You Can't Patch

  • Implement strict access controls so that untrusted users cannot execute the system genrb
  • Audit build and packaging pipelines that run genrb as root or as a service account, and make sure they only compile resource files from trusted sources; that is the path by which the overflow becomes privilege escalation
  • Monitor system logs for genrb execution and crashes and investigate anything unexpected

🔍 How to Verify

Check if Vulnerable:

The host is exposed only if genrb is installed and the package that owns it predates the fix. Note the logic: a changelog match means the fix is present, so the vulnerable condition is "genrb present AND no match": command -v genrb && ! rpm -q --changelog "$(rpm -qf "$(command -v genrb)")" | grep -q 'CVE-2025-5222'

Check Version:

rpm -q icu --queryformat '%{VERSION}-%{RELEASE}\n'

Compare the result against the fixed version listed in the Red Hat advisory; on RHEL the tools are in icu and the runtime libraries in libicu, so query both if the advisory updates both.

Verify Fix Applied:

Verify that the installed package's changelog records the fix: rpm -q --changelog icu | grep 'CVE-2025-5222'
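The three checks above can be combined into one script. The following is an added example and is not part of the Red Hat advisory or the ICU project; it assumes RHEL-style packaging where the fix is recorded in the rpm %changelog with the CVE id and where genrb is on PATH. The two changelog excerpts at the bottom are constructed samples used to exercise the classifier offline.

```shell
#!/bin/sh
# Added example: classify a host's exposure to CVE-2025-5222.
# Assumptions (not from the advisory): RHEL-style packaging where the fix is
# recorded in the rpm changelog with the CVE id, and genrb lives in $PATH.
CVE_ID="CVE-2025-5222"

# classify_host <genrb_present: yes|no> <rpm changelog text>
# Prints exactly one of: not-present, patched, vulnerable
classify_host() {
    genrb_present="$1"
    changelog="$2"
    if [ "$genrb_present" != "yes" ]; then
        # The overflow is in the tool, not libicu: with no genrb there is
        # nothing to exploit even if the runtime library is old.
        echo "not-present"
        return 0
    fi
    # A changelog entry naming the CVE means the installed build has the fix.
    case "$changelog" in
        *"$CVE_ID"*) echo "patched" ;;
        *)           echo "vulnerable" ;;
    esac
}

# Live check: locate genrb, ask rpm which package owns it, read that
# package's changelog, then classify.
check_live() {
    genrb_path=$(command -v genrb 2>/dev/null || true)
    if [ -z "$genrb_path" ]; then
        classify_host no ""
        return 0
    fi
    pkg=$(rpm -qf "$genrb_path" 2>/dev/null || true)
    changelog=""
    if [ -n "$pkg" ]; then
        changelog=$(rpm -q --changelog "$pkg" 2>/dev/null || true)
    fi
    printf '%s (%s, package %s)\n' \
        "$(classify_host yes "$changelog")" "$genrb_path" "${pkg:-unknown}"
}

# Constructed sample changelog excerpts (not real Red Hat changelogs).
CHANGELOG_FIXED="- Fix stack buffer overflow in genrb (CVE-2025-5222)
- Rebuild against updated toolchain"
CHANGELOG_OLD="- Rebuild against updated toolchain
- Drop obsolete patch"

if [ "${1:-}" = "--live" ]; then
    check_live
else
    classify_host yes "$CHANGELOG_FIXED"   # patched
    classify_host yes "$CHANGELOG_OLD"     # vulnerable
    classify_host no  "$CHANGELOG_OLD"     # not-present
fi
```

Run it with --live on a host to query rpm; without arguments it only exercises the classifier on the constructed samples. The live path deliberately treats an empty changelog (rpm missing, package unknown) as vulnerable rather than patched, so an inconclusive check never reads as a clean result.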

📡 Detection & Monitoring

Log Indicators:

  • Unusual genrb execution patterns
  • Process crashes of genrb
  • Memory violation alerts in system logs

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

process.name:"genrb" AND (event.action:"exec" OR event.action:"crash")
