What is the CVSS score of CVE-2025-15281?

CVE-2025-15281 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Glibc are affected by CVE-2025-15281?

Organizations using conjunction with WRDE_APPEND in the GNU C Library face notable risk from CVE-2025-15281 rated CVSS 7.5. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-15281?

Within 7 days: Identify all affected systems running conjunction with WRDE_APPEND in the GNU C Library and apply vendor patches promptly. Vendor patch is available.

Glibc CVE-2025-15281

HIGH

Use of Uninitialized Resource (CWE-908)

2026-01-20 3ff69d7a-14f2-4f67-a097-88dee7810d18

Information Disclosure Red Hat Glibc Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch released

Feb 05, 2026 - 17:43 nvd

Patch available

CVE Published

Jan 20, 2026 - 14:16 nvd

HIGH 7.5

DescriptionNVD

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

AnalysisAI

Technical ContextAI

Classified as CWE-908 (Use of Uninitialized Resource). Affects Glibc. Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.