CVE-2025-55398CRITICAL 9.8EPSS p26.2%

CVE-2025-55398CVE-2025-55398

Description

An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious input to be processed.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.34% probability of exploitation · percentile 26.2% · 2026-06-19T12:03:05Z
Published2025-08-22
Last modified2026-04-15

Underlying weaknesses· 1

CWE-1284

References

  1. https://github.com/mouse07410/asn1c/issues/222

1

TypeTargetConfidenceTier
WeaknessImproper Validation of Specified Quantity in Inputcwe-12840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-45615
CVE
CVE-2026-5188
CVE
CVE-2025-1674
CVE
CVE-2025-10451
CVE
CVE-2025-59605
CVE
CVE-2026-7383
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.