CVE-2025-13566

low-risk

Published 2025-11-23

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

References (6)

https://github.com/jarun/nnn/commit/2f07ccdf21e705377862e5f9dfa31e1694979ac7

https://github.com/jarun/nnn/issues/2091#issue-3635886658

https://github.com/jarun/nnn/issues/2091#issuecomment-3547591759

https://vuldb.com/?ctiid.333330

https://vuldb.com/?id.333330

https://vuldb.com/?submit.698113

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal