CVE-2025-60360
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radare | radare2 | to 5.9.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-60360 is a memory leak vulnerability in radare2 versions up to and including v5.9.8. It occurs in the function r2r_subprocess_init, where memory is not properly managed, causing the program to consume more memory over time. [1]
How can this vulnerability impact me? :
This memory leak can lead to a Denial of Service (DoS) condition by exhausting system memory resources, potentially causing the affected system or application to become unresponsive or crash. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade radare2 to a version later than v5.9.8 where the memory leak in the function r2r_subprocess_init has been fixed. The fix was merged on May 30, 2025, so using any version released after this date will include the patch preventing the memory leak and potential Denial of Service. [1]