CVE-2025-58050
CVE Details
Visit the official vulnerability details page for CVE-2025-58050 to learn more.
Initial Publication
09/11/2025
Last Update
10/22/2025
Third Party Dependency
libpcre2-8-0
NIST CVE Summary
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
CVE Severity
Our Official Summary
The vulnerability exists in the PCRE2 library (Perl Compatible Regular Expressions version 2), specifically in version 10.45. Within src/pcre2_match.c, the handling of the (*scs:...) (Scan SubString) verb, when combined with (*ACCEPT), fails to properly restore certain internal pointers (mb->end_subject, mb->true_end_subject) after an accept operation inside a SCAN-SUBSTRING block. This flaw results in a heap buffer overflow read: an application using the affected library could, for specific regular expression constructs, read memory beyond the intended bounds of the subject buffer.
The issue has been resolved in PCRE2 version 10.46.
This CVE has been reported in the Palette/VerteX UI container images. The upstream patch for this vulnerability will be adopted once available in the relevant base images and dependencies.
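Because the fix arrives with a base-image update, the practical check is which libpcre2-8-0 version a given image actually ships. The following Python script is an added example for this bulletin, not code from Spectro Cloud or the PCRE2 project; it assumes a Debian/Ubuntu-based image (dpkg-query) and that the version string leads with MAJOR.MINOR, as both `pcre2-config --version` and the Debian package version do.

```python
import re
import subprocess

# Versions as stated in the bulletin: 10.45 is affected, 10.46 carries the fix.
AFFECTED_VERSION = (10, 45)
FIXED_VERSION = (10, 46)


def parse_pcre2_version(text: str) -> tuple[int, int]:
    """Extract (major, minor) from a PCRE2 version string.

    Accepts the runtime form returned by pcre2_config(PCRE2_CONFIG_VERSION)
    or `pcre2-config --version` ("10.45 <release date>") and the Debian
    package form returned by dpkg-query ("10.45-1"); both lead with MAJOR.MINOR.
    """
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised PCRE2 version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


def assess_pcre2(text: str) -> str:
    """Classify a version string against CVE-2025-58050."""
    version = parse_pcre2_version(text)
    if version == AFFECTED_VERSION:
        return "affected"
    if version >= FIXED_VERSION:
        return "fixed"
    # The bulletin names only 10.45 as affected; older releases are not listed.
    return "not listed"


def assess_installed_package(package: str = "libpcre2-8-0") -> str:
    """Query the installed package version via dpkg (assumes a Debian/Ubuntu image)."""
    result = subprocess.run(
        ["dpkg-query", "-W", "-f=${Version}", package],
        capture_output=True, text=True, check=True,
    )
    return assess_pcre2(result.stdout)


if __name__ == "__main__":
    # Constructed sample strings standing in for real query output.
    for sample in ("10.45 2025-01-01", "10.45-1build1", "10.46 2025-01-01", "10.44"):
        print(f"{sample!r}: {assess_pcre2(sample)}")
```

Run `assess_installed_package()` inside the container (for example via `docker run --rm <image> python3 check.py`) to classify the image's actual libpcre2-8-0 package.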
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.27 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|
10/22/2025 | Status changed from Open to Ongoing |
10/22/2025 | Official summary added |