Use-After-Free Vulnerability in QEMU Affecting VNC WebSocket Connections
CVE-2025-11234

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 3 October 2025

What is CVE-2025-11234?

A vulnerability exists within the QIOChannelWebsock object in QEMU, which can be exploited if this object is freed while awaiting a handshake completion. This situation leads to a GSource object being leaked, potentially allowing a malicious client with network access to the VNC WebSocket port to trigger a denial of service. This occurs during the handshake phase prior to the authentication of the VNC client, posing a risk to users relying on VNC services.

References

https://access.redhat.com/security/cve/CVE-2025-11234

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2401209

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Oct 1, 2025

Credit

Red Hat would like to thank Grant Millar (Cylo) for reporting this issue.

JSON