High severity7.0NVD Advisory· Published May 27, 2025· Updated Apr 23, 2026

CVE-2025-5222

Description

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Affected products

Unicode/International Components For Unicode
cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:*
Range: <77.1

Patches

457157a92aa0

https://github.com/unicode-org/icuvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/errata/RHSA-2025:11888nvdVendor Advisory
access.redhat.com/errata/RHSA-2025:12083nvdVendor Advisory
access.redhat.com/errata/RHSA-2025:12331nvdVendor Advisory
access.redhat.com/errata/RHSA-2025:12332nvdVendor Advisory
access.redhat.com/errata/RHSA-2025:12333nvdVendor Advisory
access.redhat.com/security/cve/CVE-2025-5222nvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
lists.debian.org/debian-lts-announce/2025/06/msg00015.htmlnvdMailing List
unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000