CVE-2025-13120— mruby array.c sort_cmp use after free

CVSS 5.3 · Medium EPSS 0.02% · P4 Updated Mar 04, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-13120

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

mruby array.c sort_cmp use after free

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

释放后使用

Source: NVD (National Vulnerability Database)

Vulnerability Title

mruby 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

mruby是makesoftwaresafe开源的一款Ruby语言的轻量级实现。 mruby 3.4.0及之前版本存在资源管理错误漏洞，该漏洞源于文件src/array.c中sort_cmp函数存在释放后重用问题。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	mruby	3.0	`cpe:2.3:a:mruby:mruby::::::::`

II. Public POCs for CVE-2025-13120

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-13120

请登录查看更多情报信息。

use-after-realloc in `mrb_ary_sort_bang` · Issue #6649 · mruby/mrubyissue-tracking
use-after-realloc in `mrb_ary_sort_bang` · Issue #6649 · mruby/mrubyexploitissue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2025-13120

Same Patch Batch · n/a · 2025-11-13 · 39 CVEs total

CVE-2025-13130	7.8 HIGH	Radarr Service Radarr.Console.exe default permission
CVE-2025-13131	7.8 HIGH	Sonarr Service Sonarr.Console.exe default permission
CVE-2025-12818	5.9 MEDIUM	PostgreSQL libpq undersizes allocations, via integer wraparound
CVE-2025-12817	3.1 LOW	PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
CVE-2025-60698		D-Link DIR-882 安全漏洞
CVE-2025-47221		Keyfactor SignServer 安全漏洞
CVE-2025-60684		TOTOLINK LR1200GB 安全漏洞
CVE-2025-60691		Linksys E1200 安全漏洞
CVE-2025-60699		TOTOLINK A950RG 安全漏洞
CVE-2025-60685		TOTOLINK A720R 安全漏洞
CVE-2025-60697		D-Link DIR-882 安全漏洞
CVE-2025-60692		Linksys E1200 安全漏洞
CVE-2025-60686		ToToLink多款产品安全漏洞
CVE-2025-60671		D-Link DIR-823G 安全漏洞
CVE-2025-60672		D-Link DIR-878 安全漏洞
CVE-2025-60687		TOTOLINK LR1200GB 安全漏洞
CVE-2025-55810		Alaga Home Security WiFi Camera 安全漏洞
CVE-2025-63406		groupoffice 安全漏洞
CVE-2025-52186		lila 安全漏洞
CVE-2025-47222		Keyfactor SignServer 安全漏洞

Showing top 20 of 39 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: mruby

Same vendor: n/a

Same weakness: CWE-416

V. Comments for CVE-2025-13120

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-13120— mruby array.c sort_cmp use after free

I. Basic Information for CVE-2025-13120

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-13120

III. Intelligence Information for CVE-2025-13120

Same Patch Batch · n/a · 2025-11-13 · 39 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-13120

Leave a comment