CVE-2025-60360 identifies a memory leak vulnerability in radare2, an open-source reverse engineering framework widely used for binary analysis, debugging, and vulnerability research. The issue resides in the function r2r_subprocess_init, which is responsible for initializing subprocesses within radare2. A memory leak here means that allocated memory is not properly freed, causing the process to consume increasing amounts of memory over time. This can lead to resource exhaustion, potentially degrading system performance or causing denial of service conditions. The CVSS 3.1 score of 5.5 reflects a medium severity, with an attack vector of local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and impacting availability only (A:H) without affecting confidentiality or integrity. No patches or known exploits are currently reported, indicating the vulnerability is newly disclosed and not yet weaponized. The vulnerability affects radare2 versions 5.9.8 and earlier, though exact affected versions are not specified. Given radare2’s use primarily by security researchers and reverse engineers, exploitation scenarios are likely limited to local users with access to the tool. However, in environments where radare2 is integrated into automated workflows or multi-user systems, the memory leak could accumulate and cause service disruptions.

For European organizations, the primary impact of CVE-2025-60360 is on availability. Systems running radare2 may experience degraded performance or denial of service due to memory exhaustion if the vulnerable function is invoked repeatedly or in long-running processes. This could disrupt security research, malware analysis, or development activities relying on radare2. Confidentiality and integrity are not affected, so data breaches or unauthorized modifications are unlikely. The requirement for local access and low privileges limits remote exploitation risks but does not eliminate insider threats or risks in shared environments. Organizations with dedicated security teams, research labs, or software development units using radare2 are most at risk. The lack of known exploits reduces immediate threat but patching and monitoring remain important to prevent future exploitation. The impact is more operational than strategic but could affect incident response capabilities if radare2 is a critical tool.

1. Restrict local access to systems running radare2 to trusted users only, minimizing the risk of exploitation by unauthorized personnel. 2. Monitor memory usage of radare2 processes, especially those invoking subprocess initialization, to detect abnormal resource consumption early. 3. Employ containerization or sandboxing techniques to isolate radare2 executions, limiting the impact of memory leaks on host systems. 4. Regularly update radare2 to the latest versions once patches addressing CVE-2025-60360 become available. 5. Implement system-level resource limits (e.g., cgroups on Linux) to prevent any single process from exhausting system memory. 6. Educate security and development teams about the vulnerability and encourage cautious use of radare2 subprocess features. 7. Consider alternative tools or workflows temporarily if radare2 usage is critical and patches are delayed. 8. Maintain robust logging and alerting on system performance anomalies related to radare2 activity.