CVE-2025-60019

Severity CVSS v4.0:

Pending analysis

Type:

CWE-476 NULL Pointer Dereference

Publication date:

25/09/2025

Last modified:

26/09/2025

Description

glib-networking&#39;s OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS v3.1 Severity and Metrics:

Base Score: 3.70 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

Base Score 3.x

3.70

Severity 3.x

LOW

References to Advisories, Solutions, and Tools

https://access.redhat.com/security/cve/CVE-2025-60019
https://bugzilla.redhat.com/show_bug.cgi?id=2398140
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227