CVE-2025-48172

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chm_lib.c _chm_decompress_block integer overflow. There is a resultant heap-based buffer overflow in _chm_fetch_bytes.

Published: 2025-07-04 Last update: 2026-04-15 Assigner: [email protected] Source: [email protected]

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2025-48172 is rated Low Risk (31.2/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.09%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-48172

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-30	0.01%	0.09%	+0.07%
2	2025-07-05	—	0.01%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-48172

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.6	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:L) Attackers could change some data, but it’s limited—not everything goes. Availability (A:L) Might cause slowdowns, glitches, or partial disruption—not a full brick.	1.4	3.7	[email protected]

Weakness enumeration for CVE-2025-48172

CWE-190 MITRE ↗

OS Trackers for CVE-2025-48172

vendor	priority	summary	link
`debian`	unimportant	CVE-2025-48172 unimportant priority: Debian including 1 source packages (chmlib), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2025-48172
`suse`	high	CVE-2025-48172 severity important: SUSE including 10 source package names (chmlib-devel-0.40-26.1, chmlib-devel-0.40-bp156.5.3.1, …), 17 product×package rows across 3 product lines (SUSE Package Hub 15 SP6, openSUSE Leap 15.6, openSUSE Tumbleweed): Fixed 17.	https://www.suse.com/security/cve/CVE-2025-48172/
`ubuntu`	medium	CVE-2025-48172 medium priority: Ubuntu including 1 source packages (chmlib), 9 status rows across 9 suites (bionic, focal, jammy, noble, oracular, plucky, questing, upstream, xenial): needs-triage 7, ignored 2.	https://ubuntu.com/security/CVE-2025-48172

Affected software / configurations for CVE-2025-48172

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2025-48172

URL	Tags
https://drive.google.com/file/d/1XpulFyCGlq7Szzg5RsH-eRwZ6OyuSozl/view?usp=sharing
https://drive.google.com/file/d/1wq51px42eoJz2VQ1Qu9ObPVQVom9T9H_/view?usp=sharing
https://github.com/jedwing/CHMLib/blob/2bef8d063ec7d88a8de6fd9f0513ea42ac0fa21f/src/chm_lib.c#L1386
https://github.com/sumatrapdfreader/sumatrapdf/commit/08179946a745cf1605e4b9670942ec1a6e1f4c5d

cvelogic Threat Intelligence