A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
CVE ID: CVE-2025-5222
Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 4.43% (share of scored vulnerabilities with an EPSS score less than or equal to this one)
EPSS Date: 2025-06-25 (when this score was calculated)