{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52568", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-18T03:55:52.036Z", "datePublished": "2025-06-24T03:06:12.471Z", "dateUpdated": "2025-06-24T14:51:58.515Z"}, "containers": {"cna": {"title": "NeKernal Multiple Memory Corruption Vulnerabilities in mkfs.hefs", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/nekernel-org/nekernel/security/advisories/GHSA-cmp2-5f6g-mw34", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nekernel-org/nekernel/security/advisories/GHSA-cmp2-5f6g-mw34"}, {"name": "https://github.com/nekernel-org/nekernel/pull/35", "tags": ["x_refsource_MISC"], "url": "https://github.com/nekernel-org/nekernel/pull/35"}, {"name": "https://github.com/nekernel-org/nekernel/pull/36", "tags": ["x_refsource_MISC"], "url": "https://github.com/nekernel-org/nekernel/pull/36"}, {"name": "https://github.com/nekernel-org/nekernel/commit/6506875ad0ab210b82a5c4ce227bf851508de17d", "tags": ["x_refsource_MISC"], "url": "https://github.com/nekernel-org/nekernel/commit/6506875ad0ab210b82a5c4ce227bf851508de17d"}, {"name": "https://github.com/nekernel-org/nekernel/commit/6511afbf405c31513bc88ab06bca58218610a994", "tags": ["x_refsource_MISC"], "url": "https://github.com/nekernel-org/nekernel/commit/6511afbf405c31513bc88ab06bca58218610a994"}], "affected": [{"vendor": "nekernel-org", "product": "nekernel", "versions": [{"version": "< 0.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-24T03:06:12.471Z"}, "descriptions": [{"lang": "en", "value": "NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service, and potential code execution. These issues stem from unchecked memory operations, unsafe typecasting, and improper input validation. This issue has been patched in version 0.0.3."}], "source": {"advisory": "GHSA-cmp2-5f6g-mw34", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-24T14:45:54.087753Z", "id": "CVE-2025-52568", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-24T14:51:58.515Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52568", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-24T14:45:54.087753Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-24T14:49:31.240Z"}}], "cna": {"title": "NeKernal Multiple Memory Corruption Vulnerabilities in mkfs.hefs", "source": {"advisory": "GHSA-cmp2-5f6g-mw34", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "nekernel-org", "product": "nekernel", "versions": [{"status": "affected", "version": "< 0.0.3"}]}], "references": [{"url": "https://github.com/nekernel-org/nekernel/security/advisories/GHSA-cmp2-5f6g-mw34", "name": "https://github.com/nekernel-org/nekernel/security/advisories/GHSA-cmp2-5f6g-mw34", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nekernel-org/nekernel/pull/35", "name": "https://github.com/nekernel-org/nekernel/pull/35", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nekernel-org/nekernel/pull/36", "name": "https://github.com/nekernel-org/nekernel/pull/36", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nekernel-org/nekernel/commit/6506875ad0ab210b82a5c4ce227bf851508de17d", "name": "https://github.com/nekernel-org/nekernel/commit/6506875ad0ab210b82a5c4ce227bf851508de17d", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nekernel-org/nekernel/commit/6511afbf405c31513bc88ab06bca58218610a994", "name": "https://github.com/nekernel-org/nekernel/commit/6511afbf405c31513bc88ab06bca58218610a994", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service, and potential code execution. These issues stem from unchecked memory operations, unsafe typecasting, and improper input validation. This issue has been patched in version 0.0.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-24T03:06:12.471Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52568", "state": "PUBLISHED", "dateUpdated": "2025-06-24T14:51:58.515Z", "dateReserved": "2025-06-18T03:55:52.036Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-24T03:06:12.471Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service, and potential code execution. These issues stem from unchecked memory operations, unsafe typecasting, and improper input validation. This issue has been patched in version 0.0.3."}, {"lang": "es", "value": "NeKernal es un sistema operativo gratuito y de c\u00f3digo abierto. Antes de la versi\u00f3n 0.0.3, exist\u00edan varios problemas de seguridad de memoria que pod\u00edan provocar corrupci\u00f3n de memoria, corrupci\u00f3n de im\u00e1genes de disco, denegaci\u00f3n de servicio y posible ejecuci\u00f3n de c\u00f3digo. Estos problemas se deben a operaciones de memoria sin control, conversi\u00f3n de tipos insegura y validaci\u00f3n de entrada incorrecta. Este problema se ha corregido en la versi\u00f3n 0.0.3."}], "id": "CVE-2025-52568", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-06-24T04:15:49.693", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/nekernel-org/nekernel/commit/6506875ad0ab210b82a5c4ce227bf851508de17d"}, {"source": "security-advisories@github.com", "url": "https://github.com/nekernel-org/nekernel/commit/6511afbf405c31513bc88ab06bca58218610a994"}, {"source": "security-advisories@github.com", "url": "https://github.com/nekernel-org/nekernel/pull/35"}, {"source": "security-advisories@github.com", "url": "https://github.com/nekernel-org/nekernel/pull/36"}, {"source": "security-advisories@github.com", "url": "https://github.com/nekernel-org/nekernel/security/advisories/GHSA-cmp2-5f6g-mw34"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}