Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-48756

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 May, 2025 | 00:00
Updated At-24 May, 2025 | 10:13
Rejected At-
Credits

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 May, 2025 | 00:00
Updated At:24 May, 2025 | 10:13
Rejected At:
▼CVE Numbering Authority (CNA)

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

Affected Products
Vendor
maboroshinokiseki
Product
scsir
Default Status
unknown
Versions
Affected
  • 0.2.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-843CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Type: CWE
CWE ID: CWE-843
Description: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
Metrics
VersionBase scoreBase severityVector
3.12.9LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 2.9
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/maboroshinokiseki/scsir/issues/4
N/A
https://crates.io/crates/scsir
N/A
Hyperlink: https://github.com/maboroshinokiseki/scsir/issues/4
Resource: N/A
Hyperlink: https://crates.io/crates/scsir
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 May, 2025 | 03:15
Updated At:30 Jan, 2026 | 17:45

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.12.9LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 2.9
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
crates
crates
>>scsir>>0.2.0
cpe:2.3:a:crates:scsir:0.2.0:*:*:*:*:rust:*:*
Weaknesses
CWE IDTypeSource
CWE-843Secondarycve@mitre.org
CWE ID: CWE-843
Type: Secondary
Source: cve@mitre.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://crates.io/crates/scsircve@mitre.org
Product
https://github.com/maboroshinokiseki/scsir/issues/4cve@mitre.org
Exploit
Issue Tracking
Hyperlink: https://crates.io/crates/scsir
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://github.com/maboroshinokiseki/scsir/issues/4
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

68Records found
CVE-2019-20588
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:59
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-20584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:55
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-20587
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:58
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-20571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.46%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:38
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14885 (September 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-20583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:54
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-20586
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:57
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-20585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:57
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-20589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:00
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-43154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.20%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.

Action-Not Available
Vendor-macs_cms_projectn/a
Product-macs_cmsn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-42464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.70% / 91.75%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.

Action-Not Available
Vendor-netatalkn/aDebian GNU/Linux
Product-debian_linuxnetatalkn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-1911
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 76.87%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 02:35
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

Action-Not Available
Vendor-Facebook
Product-hermesHermes
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-46463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.72%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 21:47
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-14330
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.23%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 13:38
Updated-11 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefox ESRFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-686
Function Call With Incorrect Argument Type
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-0147
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.8||HIGH
EPSS-0.67% / 70.94%
||
7 Day CHG+0.47%
Published-30 Jan, 2025 | 19:49
Updated-01 Aug, 2025 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace App for Linux - Type Confusion

Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-video_software_development_kitworkplace_desktopmeeting_software_development_kitZoom Workplace App for Linux
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-7824
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.3||CRITICAL
EPSS-0.26% / 48.75%
||
7 Day CHG+0.07%
Published-03 Oct, 2024 | 17:05
Updated-30 Oct, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Action-Not Available
Vendor-webrootWebroot
Product-secureanywhere_web_shieldSecureAnywhere - Web Shield
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-7825
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.2||CRITICAL
EPSS-0.35% / 57.03%
||
7 Day CHG+0.09%
Published-03 Oct, 2024 | 17:05
Updated-30 Oct, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Type confusion that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Action-Not Available
Vendor-webrootWebroot
Product-secureanywhere_web_shieldSecureAnywhere - Web Shield
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-5436
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.3||HIGH
EPSS-0.20% / 41.88%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 08:11
Updated-22 Jul, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Type Confusion in Snapchat Lenscore

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.

Action-Not Available
Vendor-snapSnapsnap
Product-snapchat_lenscoreSnapchat Lenscoresnapchat_lenscore
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-38199
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.16%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 00:00
Updated-30 Oct, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.

Action-Not Available
Vendor-owaspn/a
Product-corerulesetn/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
  • Previous
  • 1
  • 2
  • Next
Details not found