CVE-2025-50361

MEDIUM

SmallBASIC <v12_28 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50361. PoCs published by Ch1keen.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-50361, a global buffer overflow vulnerability in SmallBASIC caused by unsafe use of `strcpy` in the `main` function. The writeup includes root cause analysis, proof-of-concept trigger, AddressSanitizer output, and patch details.

Description

Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.

Exploits (1)

nomisec WRITEUP
by Ch1keen · poc
https://github.com/Ch1keen/CVE-2025-50361

This repository provides a detailed technical analysis of CVE-2025-50361, a global buffer overflow vulnerability in SmallBASIC caused by unsafe use of `strcpy` in the `main` function. The writeup includes root cause analysis, proof-of-concept trigger, AddressSanitizer output, and patch details.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SmallBASIC (before commit 02364eff880ba62afac67bcceebafade2b40d21f)
No auth needed
Prerequisites: Access to command-line arguments of the SmallBASIC interpreter
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, Patch
https://github.com/Ch1keen/CVE-2025-50361

Scores

CVSS v3 5.1
EPSS 0.0018
EPSS Percentile 7.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (1)
smallbasic/smallbasic < 12.28
Published Dec 03, 2025
Tracked Since Feb 18, 2026