Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-63745
CVE-2025-63745:
NixOS vulnerability analysis and mitigation
Overview
A NULL pointer dereference vulnerability (CVE-2025-63745) was discovered in radare2 version 6.0.5 and earlier within the info() function of bin_ne.c. The vulnerability was disclosed on November 14, 2025, and affects the radare2 binary analysis tool (NVD).
Technical details
The vulnerability exists in the info() function of bin_ne.c where a NULL pointer dereference can occur when processing malformed binary data. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) (NVD).
Impact
When exploited, the vulnerability can trigger a segmentation fault, leading to a denial of service condition when the tool processes malformed data. This affects the availability of the radare2 tool but does not impact confidentiality or integrity (NVD).
Mitigation and workarounds
A fix has been implemented in the radare2 repository through commit 6c5df3f8570d4f0c360681c08241ad8af3b919fd. Users should upgrade to a version newer than 6.0.5 to mitigate this vulnerability (GitHub Commit).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management