CVE-2025-45663

Exploit

EPSS 0.07%
Veröffentlicht 03.11.2025 00:00:00
Zuletzt bearbeitet 05.11.2025 18:19:10
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netsurf-browser ≫ Netsurf Version3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.219

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-45663

Third Party Advisory

Exploit

https://www.netsurf-browser.org/

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-45663

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-45663

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-45663

EUVD