CVE-2025-5222: 
Node.js vulnerability analysis and mitigation

A stack buffer overflow vulnerability (CVE-2025-5222) was discovered in International Components for Unicode (ICU) version 76.0.1 on May 26, 2025. The vulnerability affects the SRBRoot::addTag function when running the genrb binary, where the 'subtag' struct can overflow (Wiz Report, NVD Database).

The vulnerability is classified as a stack buffer overflow (CWE-120) that occurs specifically in the SRBRoot::addTag function during genrb binary execution. It has been assigned a HIGH severity rating with a CVSS v3.1 base score of 7.0 (Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability requires local access and user interaction, but no privileges are needed for exploitation (NVD Database, Red Hat CVE).

If successfully exploited, this vulnerability can lead to memory corruption and potential local arbitrary code execution. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (Wiz Report, Red Hat Bugzilla).

As of May 29, 2025, no official fixes have been released for the affected systems including Debian 11-13, Red Hat 6-10, and Ubuntu versions 16.04 through 25.04. The vulnerability is being tracked by various Linux distributions with different severity ratings: HIGH for Debian, MEDIUM for Red Hat, and LOW for Ubuntu (Wiz Report).