CVE-2025-60358 identifies a memory leak vulnerability in radare2, an open-source reverse engineering tool widely used for binary analysis, debugging, and malware research. The flaw exists in the _load_relocations function, which is responsible for handling relocation entries during binary loading. A memory leak in this function means that allocated memory is not properly freed, leading to gradual memory consumption over time. While this does not directly allow code execution or privilege escalation, it can cause the application to consume excessive memory, potentially leading to denial of service (DoS) conditions if exploited repeatedly or on large inputs. The vulnerability affects radare2 version 5.9.8 and earlier, with no specific patch links currently available. No known exploits have been reported in the wild, indicating that active exploitation is not yet observed. However, the vulnerability poses a risk to environments where radare2 is used extensively, especially in automated or large-scale analysis scenarios. The absence of a CVSS score requires an assessment based on the impact on availability, ease of exploitation (no authentication or user interaction needed), and the scope of affected systems. Since radare2 is a specialized tool, the affected population is limited but critical in cybersecurity research and incident response contexts.

For European organizations, the primary impact of CVE-2025-60358 is on the availability and reliability of radare2-based analysis workflows. Security teams and malware analysts using vulnerable versions may experience application crashes or degraded performance due to memory exhaustion, potentially delaying incident response or forensic investigations. This can indirectly affect the confidentiality and integrity of investigations if analysts are forced to switch tools or work with incomplete data. Organizations involved in software security research, vulnerability assessment, and malware analysis are particularly at risk. The vulnerability does not directly compromise system confidentiality or integrity but can disrupt critical security operations. The impact is more pronounced in environments processing large volumes of binaries or automated pipelines where memory leaks accumulate rapidly. European cybersecurity firms, CERTs, and academic institutions using radare2 are likely to face operational challenges until patched versions are deployed.

To mitigate CVE-2025-60358, organizations should prioritize upgrading radare2 to a version where the memory leak is fixed once available. In the absence of an official patch, users should limit the use of vulnerable radare2 versions to trusted binaries and avoid processing untrusted or malformed inputs that could exacerbate memory consumption. Implementing resource monitoring and limits (e.g., cgroups or container memory limits) can help contain the impact of memory leaks. Security teams should also consider alternative reverse engineering tools temporarily if radare2 stability is critical. Regularly monitoring radare2 project communications for patches or workarounds is essential. Additionally, integrating memory profiling during analysis workflows can help detect abnormal memory usage early. Finally, documenting and training analysts on this vulnerability ensures awareness and preparedness to respond to potential disruptions.