CVE-2025-48756: In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5...

2.9 CVSS

Description

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

Classification

CVE ID: CVE-2025-48756

CVSS Base Severity: LOW

CVSS Base Score: 2.9

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem Types

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

Affected Products

Vendor: maboroshinokiseki

Product: scsir

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.73% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48756
https://github.com/maboroshinokiseki/scsir/issues/4
https://crates.io/crates/scsir

Timeline

2025-05-24 03:40:20 UTC
CVE

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5...
2025-05-27 19:15:11 UTC
Github Advisory Database (Rust)

[scsir] SCSIR has a Potential Unsound Issue in WriteSameCommand