Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-0634
CVE-2025-0634:
Linux Debian vulnerability analysis and mitigation
Overview
CVE-2025-0634 is a Use After Free vulnerability discovered in Samsung Open Source rLottie version 0.2. The vulnerability was disclosed on June 29, 2025, and affects the rLottie software component (NVD, CVE).
Technical details
The vulnerability is classified as a Use After Free (CWE-416) issue that allows Remote Code Inclusion. The CVSS v4.0 base score is 5.1 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N (NVD).
Impact
The vulnerability could potentially allow remote code inclusion, which may lead to unauthorized code execution in the context of the application. The CVSS scoring indicates low-level impacts on confidentiality, integrity, and availability (NVD).
Mitigation and workarounds
A fix has been developed and submitted through a pull request that implements several validation checks including type checking for CompLayer(), bounds checking for Gradient::populate(), frames vector empty check, and rejection of outliers (GitHub PR).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management