CVE-2025-60358 identifies a memory leak vulnerability in radare2, an open-source reverse engineering framework widely used for binary analysis and debugging. The flaw resides in the _load_relocations function, which is responsible for processing relocation entries in binaries. In affected versions (up to 5.9.8), this function improperly manages memory allocations, failing to release allocated memory under certain conditions, leading to a gradual increase in memory consumption. The vulnerability is classified under CWE-401 (Improper Release of Memory), indicating a resource management weakness. The CVSS 3.1 base score is 5.5 (medium), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, meaning the attack requires local access with low privileges, no user interaction, and impacts availability only. There is no impact on confidentiality or integrity. Although no public exploits are known, the memory leak could cause denial of service by exhausting system memory, potentially disrupting analysis workflows or automated processes relying on radare2. The absence of a patch at the time of publication suggests users should monitor for updates or consider temporary mitigations. Given radare2's role in security research and software development, this vulnerability could affect environments where continuous or large-scale binary analysis is performed.

For European organizations, the primary impact of CVE-2025-60358 is on availability, as the memory leak can lead to system resource exhaustion and potential denial of service. This could disrupt security research, malware analysis, or software debugging activities that depend on radare2, potentially delaying incident response or development cycles. Organizations with automated pipelines or continuous integration systems incorporating radare2 may face instability or crashes, affecting productivity. Since the vulnerability requires local access with low privileges, insider threats or compromised user accounts could exploit it to degrade system performance. However, the lack of confidentiality or integrity impact limits the risk of data breaches or unauthorized modifications. The medium severity rating reflects these constraints but underscores the need for vigilance in environments where radare2 is critical. European cybersecurity teams should assess their use of radare2 and prepare for potential disruptions, especially in sectors with intensive reverse engineering needs such as telecommunications, defense, and software development.

1. Monitor radare2 official repositories and security advisories for patches addressing CVE-2025-60358 and apply updates promptly once available. 2. If immediate patching is not possible, limit radare2 usage to trusted users and environments to reduce the risk of exploitation. 3. Implement resource monitoring on systems running radare2 to detect abnormal memory consumption early and trigger alerts or automated remediation. 4. Consider isolating radare2 processes in containerized or sandboxed environments to contain potential denial of service effects. 5. Review and restrict local access permissions to minimize the number of users who can execute radare2, reducing the attack surface. 6. For automated workflows, incorporate memory usage checks and restart mechanisms to mitigate prolonged memory leaks. 7. Educate developers and security analysts about this vulnerability to ensure awareness and prompt reporting of unusual system behavior. 8. Evaluate alternative tools or versions if radare2 is critical and no patch is yet available, balancing functionality and security.