CVE-2025-63745
MEDIUMradare2 < 6.0.5 - Denial of Service via NULL Pointer Dereference in bin_ne.c info()
Title source: llmDescription
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.
References (4)
Core 4
Core References
Patch, Third Party Advisory
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-001-radare2-nullptr-deref-bin_ne.md
Patch, Third Party Advisory
https://github.com/marlinkcyber/advisories/blob/main/advisories/radare2-nullptr-deref-bin_ne.md
Issue Tracking
https://github.com/radareorg/radare2/issues/24660
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
2.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (1)
radare/radare2
< 6.0.5
Published
Nov 14, 2025
Tracked Since
Feb 18, 2026