CVE-2025-60019 LOW

CVE-2025-60019: Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-476
Published September 25, 2025
Last update June 25, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out-of-memory condition could potentially result in writing to an invalid memory location.

Key dates

02 Disclosure timeline

September 25, 2025 CVE published
June 25, 2026 Record updated