CVE-2025-7039
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2025-09-03

Last updated on: 2026-06-02

Assigner: Red Hat, Inc.

Description
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-7039
EUVD
EUVD-2025-26475
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnome glib *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an integer overflow in the GLib library during temporary file creation, which causes out-of-bounds memory access. This flaw allows a local attacker to exploit path traversal by creating symbolic links that the application might follow, potentially accessing private temporary file content without authorization. The core problem is insufficient validation of file path lengths during temporary file operations. [1]

Impact Analysis

An attacker with local access can manipulate file paths to perform path traversal attacks, potentially gaining unauthorized access to private data stored in temporary files. This could lead to exposure of sensitive information that should be protected by the system. [1]

Detection Guidance

Detection involves checking for the presence of vulnerable GLib versions and monitoring for suspicious symbolic link creations in temporary directories. You can identify vulnerable GLib versions by querying your package manager, for example, using 'rpm -q glib2' on Red Hat-based systems or 'dpkg -l | grep glib2' on Debian-based systems. Additionally, monitoring /tmp or other temporary directories for unexpected symbolic links can help detect exploitation attempts. Commands like 'find /tmp -type l -ls' can list symbolic links in temporary directories. [1]

Mitigation Strategies

Immediate mitigation steps include updating GLib to a patched version provided by your Linux distribution vendor. Until a patch is applied, restrict local user access to temporary directories to prevent creation of malicious symbolic links. Implement monitoring and alerting on symbolic link creation in temporary directories. Avoid running untrusted local code that could exploit this vulnerability. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7039. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart