CVE-2025-12875: 
NixOS vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-12875) was discovered in mruby version 3.4.0, specifically affecting the aryfillexec function in the file mrbgems/mruby-array-ext/src/array.c. The vulnerability was disclosed on October 21, 2025, and involves an out-of-bounds write condition that occurs when manipulating the argument start/length parameters (GitHub Issue).

The vulnerability is classified as an out-of-bounds write (CWE-787) with a CVSS v3.1 base score of 5.3 MEDIUM. The issue occurs when Array#fill_exec is called with a negative start and positive length parameters, leading to a buffer underflow condition. The vulnerability allows for pointer underflow when start is negative, as fillexec does not properly validate start<0, resulting in ptr = ARYPTR(ary)+start underflowing and ptr[i] writing before the array bounds (VulDB, GitHub Issue).

The vulnerability affects the confidentiality, integrity, and availability of the system. When exploited, it can lead to memory corruption through out-of-bounds write operations, potentially causing system crashes or enabling arbitrary code execution in the context of the application (VulDB).

A patch has been released (commit 93619f06dd378db6766666b30c08978311c7ec94) that adds proper validation for negative start and length parameters. The fix includes normalizing negative start indices and ensuring length parameters are non-negative. It is recommended to update to the patched version immediately (GitHub Commit).