CVE-2025-69720

high-risk
Published 2026-03-19

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.3/10 High
LOCAL / LOW complexity

Affected Products (20)

Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses
Ncurses

Affected Vendors

Invisible-Island

References (6)

Exploit https://github.com/Cao-Wuhui/CVE-2025-69720
Release Notes https://invisible-island.net/archives/ncurses/6.5/
Product https://invisible-island.net/ncurses/
Issue Tracking https://marc.info/?l=ncurses-bug&m=176539968328570&w=2
Issue Tracking https://marc.info/?l=ncurses-bug&m=176540731801330&w=2
Issue Tracking https://marc.info/?l=ncurses-bug&m=176545557728083&w=2
52
/ 100
high-risk
Severity 23/34 · High
Exploitability 0/34 · Minimal
Exposure 29/34 · Critical