CVE-2025-52566

Name: CVE-2025-52566
Creator: NVD / NIST
Published: 2025-06-24T04:15:46.967+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.32%

Last modified Jun 17, 2026

CVE-2025-52566 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. EPSS estimates a 0.32% chance of exploitation in the next 30 days.

Description

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing heap-overflowing llama.cpp inferencing engine with carefully manipulated text input during tokenization process. This issue has been patched in version b5721.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.32%

23.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Ggml	Llama.Cpp	< b5721

References

https://github.com/ggml-org/llama.cpp/commit/dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70afPatch
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xxExploit, Vendor Advisory
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xxExploit, Vendor Advisory

Timeline

Published: Jun 24, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-52566?

How severe is CVE-2025-52566?

CVE-2025-52566 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.32% probability of exploitation in the next 30 days.

How do I fix CVE-2025-52566?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-52566?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST