Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void* p = malloc(sz);. As of time of publication, no patched versions are available.

Published: May 21, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-48060
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-121
CWE-787

Affected Software
References

Software	From	Fixed in
jqlang / jq	-	1.7.1.x

https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w
https://lists.debian.org/debian-lts-announce/2025/09/msg00022.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo