CVE-2025-4020
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Apr 28, 2025
Updated: Apr 30, 2025
CWE ID 89
CWE ID 74
Summary
CVE-2025-46687 is a vulnerability affecting quickjs-ng versions up to 0.9.0. The issue stems from a missing length check in the JS_ReadString function, which results in a heap-based buffer overflow. This flaw allows attackers to potentially execute arbitrary code or cause a denial-of-service condition. QuickJS versions prior to 2025-04-26 are also susceptible to this vulnerability.
Affected Products
- PHPGurukul Old Age Home Management System
Affected Vendors
- Phpgurukul