CVE-2025-50360

HIGH

Pepper language 0.1.1 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50360. PoCs published by Ch1keen.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-50360, a heap buffer overflow vulnerability in Pepper Language versions 0.1.1 and earlier. The root cause is a fixed-size array in the compiler structure that can only hold 64 compiler_scope structures, leading to overflow when processing files with more than 65 constants.

Description

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.

Exploits (1)

nomisec WRITEUP
by Ch1keen · poc
https://github.com/Ch1keen/CVE-2025-50360

This repository provides a detailed technical analysis of CVE-2025-50360, a heap buffer overflow vulnerability in Pepper Language versions 0.1.1 and earlier. The root cause is a fixed-size array in the compiler structure that can only hold 64 compiler_scope structures, leading to overflow when processing files with more than 65 constants.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Pepper Language (versions 0.1.1 and earlier)
No auth needed
Prerequisites: A file with more than 65 constants to trigger the overflow
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.4
EPSS 0.0021
EPSS Percentile 10.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-122
Status published
Products (1)
dannyvankooten/pepper 0.1.1
Published Dec 03, 2025
Tracked Since Feb 18, 2026