2.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-48754

GHSA ID

GHSA-5r4r-9fgh-pw53

EPSS Score

0.03189%

CWE

CWE-369

Published

5/24/2025

Updated

5/27/2025

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-48754

CVE-2025-48754: memory_pages division by zero

In the memory_pages crate 0.1.0 for Rust, division by zero can occur.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-48754

CVE-2025-48754:

2.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-48754

GHSA ID

GHSA-5r4r-9fgh-pw53

EPSS Score

0.03189%

CWE

CWE-369

Published

5/24/2025

Updated

5/27/2025

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
memory_pages	rust	<= 0.1.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies in the PagedVec::capacity function within the memory_pages crate. When PagedVec is instantiated with a Zero-Sized Type (ZST), the std::mem::size_of::<T>() call within the capacity function returns 0. This results in a division by zero when calculating the capacity (self.data.len() / std::mem::size_of::<T>()). The PagedVec::reserve function calls capacity and is therefore also vulnerable. The issue report and POC code confirm this behavior. Since no patched version or specific commit fixing the issue is available, the analysis is based on the code from version 0.1.0, which is known to be vulnerable.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

2.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-48754: memory_pages division by zero

CVE-2025-48754:

2.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

2.9

2.9

CVE-2025-48754: memory_pages division by zero

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI