Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-13566

MEDIUM4.8

jarun nnn nnn.c run_cmd_as_plugin double free

Published Nov 23, 2025

Modified 1 months ago

No fix available

Details

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue.

References

FIXhttps://github.com/jarun/nnn/commit/2f07ccdf21e705377862e5f9dfa31e1694979ac7 WEBhttps://github.com/jarun/nnn/issues/2091#issue-3635886658 WEBhttps://github.com/jarun/nnn/issues/2091#issuecomment-3547591759 WEBhttps://vuldb.com/?ctiid.333330 WEBhttps://vuldb.com/?id.333330 ADVISORYhttps://vuldb.com/?submit.698113 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-13566

CVSS Analysis

CVSS v4.0

4.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

LowVA:L

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

4.8/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

Weakness Type (CWE)

Memory Safety

Buffer Overflow

Other

Ecosystems

Timeline

PublishedNov 23, 2025

ModifiedNov 24, 2025

CVE-2025-13566 | Mondoo Vulnerability Intelligence