CVE-2025-13654

Published: Dec 5, 2025Modified: Jan 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Affected (1)

Products: Zevv: Duc

Zevv

1 product

Duc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zevv Duc	Before 1.4.6

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

https://github.com/zevv/duc/releases/tag/1.4.6

Source: cret@cert.org

Release Notes

https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc

Source: cret@cert.org

ExploitThird Party Advisory

https://kb.cert.org/vuls/id/441887

Source: cret@cert.org

Third Party Advisory

https://github.com/zevv/duc/commit/8638c4365ffd9e1966bdef8af6339dbee8c17e66

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.kb.cert.org/vuls/id/441887

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.