GLib CVE-2025-14087
Severity: MEDIUM
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Description (NVD)
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
Analysis (AI)
A buffer-underflow vulnerability exists in GLib's GVariant parser that allows remote attackers to trigger heap corruption through maliciously crafted input strings. This affects GNOME GLib and all versions of Red Hat Enterprise Linux (7.0 through 10.0), potentially enabling denial of service or remote code execution. The vulnerability has an EPSS score of 0.26% (percentile 49%), indicating a low exploitation probability despite the moderate CVSS score of 5.6.
Technical Context (AI)
GLib is the core utility library for GNOME and is widely used across Linux distributions and applications for data structure handling, type systems, and inter-process communication. The vulnerability resides in the GVariant parser component, which handles serialized data representation. The root cause is classified as CWE-190 (Integer Overflow or Wraparound), which in this case manifests as a buffer-underflow condition when the parser processes specially crafted input strings without proper bounds checking. The affected CPEs include cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* (all GLib versions) and cpe:2.3:o:redhat:enterprise_linux:7.0 through 10.0, indicating that this is a foundational library issue with wide distribution impact. The parser's insufficient validation of string length calculations allows an attacker to write data below allocated buffer boundaries, corrupting the heap.
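The paragraph above describes the general shape of the bug: a length computed by subtraction wraps around (CWE-190) and the resulting offset points below the buffer. The following C program is an added illustration of that pattern and its fix; it is not GLib's GVariant code, and the record layout, function names and sample records are all constructed for this example. It shows the unchecked subtraction producing a wrapped size_t, and a checked variant that validates the length against the available space before subtracting.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout used only for this illustration (not GVariant's):
 *   [payload bytes ...][1 trailer byte = length of the "tail" field]
 * The tail field occupies the last tail_len bytes of the payload, so the
 * parser locates it by subtracting from the end of the buffer. */

/* Unchecked arithmetic: when tail_len exceeds the payload, `end - tail_len`
 * wraps around (CWE-190) to a huge size_t, i.e. an address below the buffer.
 * Returned only so the wraparound can be observed; never used for access. */
size_t naive_tail_offset(size_t len, uint8_t tail_len) {
    size_t end = len - 1;       /* payload ends just before the trailer byte */
    return end - tail_len;      /* wraps when tail_len > end */
}

/* Checked variant: validate the length against the space that actually
 * precedes the trailer before doing the subtraction. */
bool checked_tail_offset(const uint8_t *buf, size_t len,
                         size_t *off, size_t *tail_len_out) {
    if (buf == NULL || len < 1) {
        return false;           /* no trailer byte at all */
    }
    size_t end = len - 1;
    size_t tail_len = buf[end];
    if (tail_len > end) {
        return false;           /* the subtraction would underflow */
    }
    *off = end - tail_len;
    *tail_len_out = tail_len;
    return true;
}

/* Copy the tail field into out; returns bytes copied, or 0 if the record
 * is rejected or the destination is too small. */
size_t extract_tail(const uint8_t *buf, size_t len, uint8_t *out, size_t outcap) {
    size_t off, tail_len;
    if (!checked_tail_offset(buf, len, &off, &tail_len)) {
        return 0;
    }
    if (tail_len > outcap) {
        return 0;
    }
    memcpy(out, buf + off, tail_len);
    return tail_len;
}

/* True when the unchecked offset lands outside the buffer. */
bool naive_offset_out_of_bounds(size_t len, uint8_t tail_len) {
    return naive_tail_offset(len, tail_len) >= len;
}

int main(void) {
    /* Constructed inputs: a well-formed record and one with an oversized trailer. */
    const uint8_t good[] = { 'a', 'b', 'c', 'd', 2 };
    const uint8_t bad[]  = { 'a', 'b', 9 };
    uint8_t out[16];

    size_t n = extract_tail(good, sizeof good, out, sizeof out);
    printf("good record: copied %zu bytes (%.*s)\n", n, (int)n, out);

    n = extract_tail(bad, sizeof bad, out, sizeof out);
    printf("bad record: copied %zu bytes (rejected)\n", n);
    printf("unchecked offset for bad record wraps: %s\n",
           naive_offset_out_of_bounds(sizeof bad, bad[sizeof bad - 1]) ? "yes" : "no");
    return 0;
}
```

The defensive rule the checked variant applies is the one that matters for any length-prefixed or offset-based format: compare the untrusted length against the space that precedes it while both are still plain values, and never let a subtraction on size_t run before that comparison.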
Remediation (AI)
Apply security updates from your vendor. For Red Hat Enterprise Linux, obtain updated GLib packages from your subscription management system (https://access.redhat.com/security/cve/CVE-2025-14087) and deploy them via standard package management (yum/dnf). For GNOME systems, update GLib to the patched version released by GNOME (monitor https://gitlab.gnome.org/GNOME/glib/-/issues/3834 for release details). Until patches can be deployed, mitigate risk by restricting network access to applications that use GLib, disabling untrusted input sources, and running affected services with reduced privileges. Input validation at application boundaries can reduce but not eliminate the risk, since the flaw is in the library's own parser. Given the AC:H requirement, applying patches within normal maintenance windows (rather than on an emergency cadence) is appropriate unless environment-specific exploitation factors are identified.