CVE-2025-20890 HIGH

CVE-2025-20890

Published February 4, 2025
Last update February 12, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Key dates

02Disclosure timeline

February 4, 2025 CVE published
February 12, 2025 Record updated