Low severity3.3OSV Advisory· Published Nov 23, 2025· Updated Apr 15, 2026

CVE-2025-13566

Description

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue.

Affected products

Jarun/NnnOSV
Range: v1.0, v1.1, v1.2, …

Patches

2f07ccdf21e7

https://github.com/jarun/nnnvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/jarun/nnn/commit/2f07ccdf21e705377862e5f9dfa31e1694979ac7nvd
github.com/jarun/nnn/issues/2091nvd
github.com/jarun/nnn/issues/2091nvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000