Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2025-60361: n/a

0
Low
VulnerabilityCVE-2025-60361cvecve-2025-60361
Published: Fri Oct 17 2025 (10/17/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

radare2 v5.9.8 and before contains a memory leak in the function bochs_open.

AI-Powered Analysis

AILast updated: 10/17/2025, 15:01:56 UTC

Technical Analysis

CVE-2025-60361 identifies a memory leak vulnerability in the open-source reverse engineering framework radare2, specifically in the bochs_open function present in version 5.9.8 and earlier. Memory leaks occur when allocated memory is not properly released, leading to gradual consumption of system memory resources. In this case, the bochs_open function, which likely handles opening or interfacing with Bochs virtual machine images or components, improperly manages memory allocation. While this vulnerability does not directly allow arbitrary code execution or privilege escalation, continuous exploitation or repeated triggering could exhaust available memory, causing application instability or denial of service (DoS). No CVSS score has been assigned yet, and no public exploits have been reported, indicating limited current threat activity. Radare2 is widely used by security researchers, malware analysts, and developers for reverse engineering tasks, so the vulnerability primarily impacts these user groups. The lack of authentication or user interaction requirements means that any user with access to the vulnerable radare2 installation could potentially trigger the leak. However, the impact remains confined to resource depletion rather than direct compromise of confidentiality or integrity.

Potential Impact

For European organizations, the primary impact of this vulnerability is potential denial of service or degraded performance in environments where radare2 is used extensively for reverse engineering or binary analysis. Organizations involved in cybersecurity research, malware analysis, or software development that rely on radare2 could experience interruptions or instability in their analysis workflows. While the vulnerability does not directly expose sensitive data or allow code execution, prolonged exploitation could disrupt critical security operations or delay incident response activities. The impact on broader enterprise IT infrastructure is limited unless radare2 is integrated into automated pipelines or exposed in multi-user environments. Given the specialized nature of radare2, the overall risk to general European enterprises is low, but targeted sectors such as defense, cybersecurity firms, and research institutions may face moderate operational challenges.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should monitor for updates from the radare2 development team and apply patches promptly once available. In the absence of an official patch, users can review and modify the source code of the bochs_open function to ensure proper memory deallocation, or limit the use of this function until a fix is released. Implementing resource monitoring and alerting on systems running radare2 can help detect abnormal memory consumption early. Restricting access to radare2 installations to trusted personnel and isolating analysis environments can reduce the risk of inadvertent exploitation. Additionally, organizations should incorporate this vulnerability into their vulnerability management processes and conduct regular audits of tools used in security operations to identify and remediate similar issues proactively.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-09-26T00:00:00.000Z
Cvss Version
null
State
PUBLISHED

Threat ID: 68f256d89c34d0947f29326d

Added to database: 10/17/2025, 2:46:48 PM

Last enriched: 10/17/2025, 3:01:56 PM

Last updated: 10/19/2025, 9:38:34 AM

Views: 9

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats