Memory Leak in radare2 Affects Multiple Versions from radareorg
CVE-2025-60360

5.5MEDIUM

Key Information:

Vendor: radareorg
Status: radare2
Vendor: CVE Published:; 17 October 2025

What is CVE-2025-60360?

radare2 versions prior to 5.9.8 experience a memory leak due to improper initialization in the function r2r_subprocess_init. This flaw can lead to increased memory consumption, potentially affecting system performance and stability over time. Users of radare2 are advised to upgrade to the latest version to mitigate the effects of this vulnerability.

References

https://github.com/radareorg/radare2/pull/24245

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Sep 26, 2025

JSON