CVE-2025-60359: n/a
radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
AI Analysis
Technical Summary
CVE-2025-60359 identifies a memory leak vulnerability in the open-source reverse engineering framework radare2, specifically in the function r_bin_object_new. This function is responsible for creating new binary object representations within the tool. The memory leak occurs when allocated memory is not properly freed after use, causing the application’s memory consumption to grow over time during repeated or prolonged operations. This can lead to resource exhaustion, resulting in degraded performance or application crashes, impacting availability. The vulnerability affects radare2 versions 5.9.8 and earlier. Exploitation requires local access with low privileges (AV:L) and no user interaction (UI:N), meaning an attacker or user with access to the system can trigger the leak by invoking the vulnerable function repeatedly. The vulnerability does not affect confidentiality or integrity, as it does not allow unauthorized data disclosure or modification. The CVSS v3.1 base score is 5.5 (medium severity), reflecting the limited scope and impact. No patches or fixes are currently listed, and no known exploits have been reported in the wild. The weakness is classified under CWE-401 (Improper Release of Memory), a common issue in software development that can degrade system stability if unaddressed.
Potential Impact
For European organizations, the primary impact of CVE-2025-60359 is on system availability and stability. Organizations relying on radare2 for reverse engineering, malware analysis, or binary inspection may experience application crashes or degraded performance due to memory exhaustion. This can disrupt security research workflows, delay incident response, or impact development cycles. Since exploitation requires local access, the threat is more relevant in environments where multiple users share systems or where attackers have gained limited access. The vulnerability does not expose sensitive data or allow code execution, so confidentiality and integrity risks are minimal. However, availability degradation could indirectly affect operational continuity, especially in critical infrastructure or cybersecurity teams using radare2 extensively. European entities with embedded systems development, cybersecurity research centers, or software analysis teams are more likely to be impacted. The absence of known exploits reduces immediate risk but underscores the need for proactive mitigation.
Mitigation Recommendations
To mitigate CVE-2025-60359, European organizations should:
1) Monitor radare2 project updates and apply patches promptly once available to address the memory leak.
2) If patches are not yet released, consider building radare2 from source with custom memory management fixes or apply community-provided patches addressing CWE-401 issues.
3) Limit local access to systems running radare2 to trusted users only, reducing the risk of exploitation by unauthorized personnel.
4) Implement resource monitoring and automated alerts for unusual memory consumption patterns on systems running radare2 to detect potential exploitation attempts early.
5) Use containerization or sandboxing to isolate radare2 processes, minimizing impact on host system availability.
6) Educate users and administrators about the vulnerability and encourage best practices for secure tool usage.
7) Review and restrict permissions to prevent unprivileged users from invoking vulnerable functions unnecessarily.
These steps go beyond generic advice by focusing on access control, monitoring, and interim protective measures pending official patches.
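One way to implement the monitoring and isolation steps (4 and 5) on Linux, as an added example that is not part of the original page or of the radare2 project: it reads resident memory from `/proc/<pid>/status`, flags sustained growth, and runs a command under an address-space cap. The function names, thresholds, and sample values are assumptions constructed for illustration.

```python
import resource
import subprocess


def parse_vmrss_kib(status_text):
    """Return VmRSS in KiB from the text of /proc/<pid>/status, or None."""
    for line in status_text.splitlines():
        if line.startswith("VmRSS:"):
            return int(line.split()[1])
    return None


def leak_suspected(samples_kib, min_growth_kib=262144, min_rising=0.9):
    """Flag sustained growth: RSS rose by at least min_growth_kib overall and
    at least min_rising of consecutive samples did not decrease.
    Both thresholds are assumed defaults; tune them to the workload."""
    if len(samples_kib) < 3:
        return False
    steps = list(zip(samples_kib, samples_kib[1:]))
    rising = sum(1 for a, b in steps if b >= a) / len(steps)
    growth = samples_kib[-1] - samples_kib[0]
    return growth >= min_growth_kib and rising >= min_rising


def run_capped(argv, limit_bytes, timeout=300):
    """Run argv with its address space capped (RLIMIT_AS), so a leak makes
    the analysis process fail instead of exhausting host memory."""
    def cap():
        resource.setrlimit(resource.RLIMIT_AS, (limit_bytes, limit_bytes))
    return subprocess.run(argv, preexec_fn=cap, timeout=timeout).returncode


# Constructed sample: excerpt of a /proc/<pid>/status file.
SAMPLE_STATUS = "Name:\tradare2\nVmPeak:\t  512000 kB\nVmRSS:\t  470000 kB\n"

# Constructed RSS series in KiB, one sample per minute.
LEAKING = [50000, 130000, 210000, 300000, 380000, 470000]  # steady climb
STEADY = [50000, 120000, 118000, 121000, 119500, 120500]   # load, then plateau
SPIKE = [50000, 400000, 60000, 55000, 52000, 51000]        # memory released

if __name__ == "__main__":
    print("VmRSS KiB:", parse_vmrss_kib(SAMPLE_STATUS))
    for name, series in (("leaking", LEAKING), ("steady", STEADY), ("spike", SPIKE)):
        print(name, leak_suspected(series))
```

The growth check needs both a large net increase and a mostly non-decreasing series, so a one-off spike from loading a large binary does not raise an alert.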
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68f24fd29c34d0947f2503e7
Added to database: 10/17/2025, 2:16:50 PM
Last enriched: 10/24/2025, 6:16:35 PM
Last updated: 12/4/2025, 12:26:57 PM