
CVE-2025-13601
Severity: HIGH (CVSS 3.1 base score 7.7)
Weakness: Integer Overflow or Wraparound (CWE-190)
Published: 2025-11-26, assigner secalert@redhat.com

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

Analysis Updated: Apr 19, 2026 20:29 (vuln.today), v2 (cvss_changed)
Re-analysis Queued: Apr 19, 2026 20:22 (vuln.today), cvss_changed
Patch Released: Mar 31, 2026 21:13 (nvd), patch available
Analysis Generated: Mar 19, 2026 06:22 (vuln.today)
PoC Detected: Mar 19, 2026 06:16 (vuln.today), public exploit code
CVE Published: Nov 26, 2025 15:15 (nvd)

Description (NVD)

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Analysis (AI)

A heap-based buffer overflow in GLib's g_escape_uri_string() function gives a local attacker high integrity and availability impact; the root cause is an integer overflow in the calculation of the escaped string's length. The vulnerability affects Red Hat Enterprise Linux 9.0 and 10.0 across multiple architectures (x86_64, ARM64, IBM Z, PowerPC). Vendor patches are available via multiple RHSA advisories. Publicly available exploit code exists, but the EPSS score remains extremely low (0.01%, 1st percentile), suggesting minimal real-world exploitation activity despite the availability of technical details.

Technical Context (AI)

GLib is a foundational low-level library providing core application building blocks for C programs, including data structure handling, portability wrappers, and utilities like URI string manipulation. The g_escape_uri_string() function is designed to percent-encode characters in URI strings that are not allowed in specific URI components. The vulnerability stems from CWE-190 (Integer Overflow or Wraparound) in the buffer size calculation logic when processing strings containing an extremely large number of characters requiring escaping. When calculating the length needed for the escaped output, the integer arithmetic overflows, resulting in allocation of an undersized buffer on the heap. Subsequent write operations during the escaping process then write beyond the allocated buffer boundary, creating a heap-based buffer overflow condition. This affects systems using GLib as a dependency, which includes numerous GNOME applications and system utilities across Red Hat Enterprise Linux distributions on x86_64, aarch64, s390x, and ppc64le architectures.
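The length-calculation pattern described above, shown as an added C example that is not GLib's code: a 32-bit accumulator that wraps silently beside a size_t calculation that refuses to allocate when the escaped length would overflow. The needs_escape rule and all function names are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed escaping rule for this example (not GLib's): unreserved URI
 * characters pass through unchanged, every other byte becomes %XX. */
static bool needs_escape(unsigned char c) {
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9'))
        return false;
    return strchr("-._~", (int)c) == NULL;
}

/* Vulnerable pattern: escaped length kept in a 32-bit counter. Each byte that
 * needs escaping adds 2 extra output bytes (n + 2 * n_unacceptable); past 2^32
 * the addition wraps and a buffer of that size is far too small for the writes. */
static uint32_t escaped_len_wrapping(size_t n, size_t n_unacceptable) {
    uint32_t len = (uint32_t)n;
    len += 2u * (uint32_t)n_unacceptable;   /* wraps silently, no error */
    return len;
}

/* Hardened pattern: size_t arithmetic with an explicit bound check that also
 * reserves room for the NUL terminator; false means "refuse to escape". */
static bool escaped_len_checked(size_t n, size_t n_unacceptable, size_t *out) {
    if (n >= SIZE_MAX - 1 || n_unacceptable > (SIZE_MAX - 1 - n) / 2)
        return false;                        /* n + 2*u + 1 would overflow */
    *out = n + 2 * n_unacceptable;
    return true;
}

/* Escape s into a freshly malloc'd string (caller frees); NULL when the
 * escaped length would overflow or allocation fails. */
static char *escape_uri_checked(const char *s) {
    static const char hex[] = "0123456789ABCDEF";
    size_t n = strlen(s), unacceptable = 0, len;
    for (size_t i = 0; i < n; i++)
        if (needs_escape((unsigned char)s[i])) unacceptable++;
    if (!escaped_len_checked(n, unacceptable, &len)) return NULL;
    char *out = malloc(len + 1), *p = out;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!needs_escape(c)) { *p++ = (char)c; continue; }
        *p++ = '%'; *p++ = hex[c >> 4]; *p++ = hex[c & 0xF];
    }
    *p = '\0';
    return out;
}
```

With 0x60000000 bytes all needing escaping, the 32-bit version reports 0x20000000 (512 MiB) for an output that is really 4.5 GiB, which is exactly the undersized allocation the description above refers to.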

Remediation (AI)

Apply vendor-released patches from Red Hat security advisories corresponding to your specific RHEL version and architecture using standard package management (dnf update glib2 or yum update glib2). For RHEL 9.0 systems, consult advisories RHSA-2026:0936, RHSA-2026:0975, RHSA-2026:0991, RHSA-2026:1323-1327, RHSA-2026:1465, and RHSA-2026:1608. For RHEL 10.0 systems, reference RHSA-2026:1624-1627, RHSA-2026:1652, and RHSA-2026:1736. Complete advisory URLs and architecture-specific package details are available at access.redhat.com/errata. If immediate patching is not feasible, implement application-level input validation to restrict URI string length processed by GLib-dependent applications, though this workaround has limited effectiveness since GLib is a dependency of numerous system components and enforcing length limits may break legitimate functionality. Monitor processes using GLib for unexpected crashes that could indicate exploitation attempts, and consider restricting local access privileges to reduce attack surface, though the PR:N vector means even unprivileged local users can trigger the condition.

Vendor Status (Vendor)


CVE-2025-13601 vulnerability details – vuln.today
