CVE-2025-69720

CWE-121Stack-based Buffer OverflowCWE-120Classic Buffer Overflow8 documents8 sources
Severity
7.8HIGH
EPSS
0.0%
top 94.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU NcursesInvisible-island Ncurses
Timeline
PublishedMar 19

Description

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:LExploitability: 1.8 | Impact: 5.5

Affected Packages3 packages

CVEListV5gnu/ncurses< 6.5-20251213
Debianncurses< 6.6+20251231-1

🔴Vulnerability Details

3
GHSA
GHSA-9952-mrqj-h4jh: ncurses v62026-03-19
CVEList
CVE-2025-69720: The infocmp command-line tool in ncurses before 62026-03-19
OSV
CVE-2025-69720: The infocmp command-line tool in ncurses before 62026-03-19

📋Vendor Advisories

3
Red Hat
ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.2026-03-19
Microsoft
CVE-2025-69720: Mariner: Mariner mitre: mitre Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn2026-03-10
Debian
CVE-2025-69720: ncurses - The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based b...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-69720 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-69720 (HIGH CVSS 7.8) | The infocmp command-line tool in nc | cvebase.io