← voltar
CVE-2025-60887

CVE-2025-60887

CVSS 5.3 MEDIUMEPSS 0.2%CWE-502
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 abr 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering, where Cista does not perform sufficient checks to safeguard against self-referencing pointers and referencing other data within the payload. The leak occurs if the deserialized values are observable by the attacker.
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
Produtos afetados
n/a · n/a