Description

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering, where Cista does not perform sufficient checks to safeguard against self-referencing pointers and referencing other data within the payload. The leak occurs if the deserialized values are observable by the attacker.

INFO

Published Date :

2026-04-28T00:00:00.000Z

Last Modified :

2026-04-28T16:30:20.600Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60887 vulnerability.

Vendors Products
Cista
  • Cista
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60887.

URL Resource
http://cista.com cve-icon cve-icon
https://gist.github.com/TrebledJ/66cc0ed37bdb3e70ce0ef98396790771 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Complexity
Attack Vector
Availability Impact
Confidentiality Impact
Integrity Impact
Privileges Required
Scope
User Interaction