CVE-2025-60361: n/a
radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
AI Analysis
Technical Summary
CVE-2025-60361 identifies a memory leak vulnerability in the open-source reverse engineering framework radare2, specifically in the bochs_open function present in version 5.9.8 and earlier. Memory leaks occur when allocated memory is not properly released, leading to gradual consumption of system memory resources. In this case, the bochs_open function, which likely handles opening or interfacing with Bochs virtual machine images or components, improperly manages memory allocation. While this vulnerability does not directly allow arbitrary code execution or privilege escalation, continuous exploitation or repeated triggering could exhaust available memory, causing application instability or denial of service (DoS). No CVSS score has been assigned yet, and no public exploits have been reported, indicating limited current threat activity. Radare2 is widely used by security researchers, malware analysts, and developers for reverse engineering tasks, so the vulnerability primarily impacts these user groups. The lack of authentication or user interaction requirements means that any user with access to the vulnerable radare2 installation could potentially trigger the leak. However, the impact remains confined to resource depletion rather than direct compromise of confidentiality or integrity.
Potential Impact
For European organizations, the primary impact of this vulnerability is potential denial of service or degraded performance in environments where radare2 is used extensively for reverse engineering or binary analysis. Organizations involved in cybersecurity research, malware analysis, or software development that rely on radare2 could experience interruptions or instability in their analysis workflows. While the vulnerability does not directly expose sensitive data or allow code execution, prolonged exploitation could disrupt critical security operations or delay incident response activities. The impact on broader enterprise IT infrastructure is limited unless radare2 is integrated into automated pipelines or exposed in multi-user environments. Given the specialized nature of radare2, the overall risk to general European enterprises is low, but targeted sectors such as defense, cybersecurity firms, and research institutions may face moderate operational challenges.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should monitor for updates from the radare2 development team and apply patches promptly once available. In the absence of an official patch, users can review and modify the source code of the bochs_open function to ensure proper memory deallocation, or limit the use of this function until a fix is released. Implementing resource monitoring and alerting on systems running radare2 can help detect abnormal memory consumption early. Restricting access to radare2 installations to trusted personnel and isolating analysis environments can reduce the risk of inadvertent exploitation. Additionally, organizations should incorporate this vulnerability into their vulnerability management processes and conduct regular audits of tools used in security operations to identify and remediate similar issues proactively.
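The resource monitoring recommended above, as an added example (not code from this advisory or from the radare2 project): it parses `/proc/<pid>/status` text on Linux and flags a watched process whose resident memory keeps rising without ever shrinking. The process names, thresholds, PID and sample data are assumptions chosen for illustration.

```python
import glob
import re

WATCHED = {"r2", "radare2"}  # assumed binary names on the analysis host

def parse_status(text):
    """Return (name, rss_kib) from the text of /proc/<pid>/status, or None."""
    name = re.search(r"^Name:\s+(\S+)", text, re.M)
    rss = re.search(r"^VmRSS:\s+(\d+)\s+kB", text, re.M)
    if not name or not rss:  # kernel threads and zombies report no VmRSS
        return None
    return name.group(1), int(rss.group(1))

def sustained_growth(samples, min_growth_kib=50_000, window=5):
    """True when the last `window` samples never shrink and grow by min_growth_kib."""
    if len(samples) < window:
        return False
    recent = samples[-window:]
    rising = all(b >= a for a, b in zip(recent, recent[1:]))
    return rising and recent[-1] - recent[0] >= min_growth_kib

def check(history, pid, status_text):
    """Record one RSS sample for pid; return an alert string or None."""
    parsed = parse_status(status_text)
    if parsed is None or parsed[0] not in WATCHED:
        return None
    name, rss = parsed
    history.setdefault(pid, []).append(rss)
    if sustained_growth(history[pid]):
        return f"{name} pid={pid} RSS grew to {rss} KiB without release"
    return None

def scan_once(history):
    """Sample every live process once (Linux only); return the alerts raised."""
    alerts = []
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                alert = check(history, int(path.split("/")[2]), fh.read())
        except OSError:  # process exited between glob and open
            continue
        if alert:
            alerts.append(alert)
    return alerts

def sample_status(name, rss_kib):
    """Constructed /proc status text used for the demo run below."""
    return f"Name:\t{name}\nState:\tS (sleeping)\nVmRSS:\t{rss_kib:>8} kB\n"

if __name__ == "__main__":
    history = {}
    for rss in (90_000, 110_000, 130_000, 150_000, 170_000):  # constructed samples
        alert = check(history, 4242, sample_status("r2", rss))
    print(alert)
```

Call `scan_once` on a fixed interval (for example from a timer or a loop with a sleep) and route its return value to the existing alerting channel.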
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68f256d89c34d0947f29326d
Added to database: 10/17/2025, 2:46:48 PM
Last enriched: 10/17/2025, 3:01:56 PM
Last updated: 10/19/2025, 9:38:34 AM