How to fix EUVD-2025-18285?

During next maintenance window: Apply vendor patches when convenient. Verify integer overflow controls are in place.

Is Integer Overflow affected by EUVD-2025-18285?

CVE-2025-6052 is a low-severity vulnerability in A flaw involving integer overflow (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

EUVD-2025-18285

| CVE-2025-6052 LOW

2025-06-13 [email protected]

3.7

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 21:34 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:34 euvd

EUVD-2025-18285

CVE Published

Jun 13, 2025 - 16:15 nvd

LOW 3.7

Description

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Analysis

Technical Context

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

Affected Products

Affected products: Gnome Glib

Remediation

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +18

POC: 0

Vendor Status

Ubuntu

Priority: Low

glib2.0

Release	Status	Version
upstream	released	2.84.3-1
bionic	not-affected	-
focal	not-affected	-
jammy	not-affected	2.72.4-0ubuntu2.5
trusty	not-affected	-
xenial	not-affected	-
oracular	ignored	end of life, was needed
noble	released	2.80.0-6ubuntu3.6
plucky	released	2.84.1-1ubuntu0.2
questing	not-affected	2.84.3-1

USN-7942-1

Debian

Bug #1107797

glib2.0

Release	Status	Fixed Version	Urgency
bullseye	not-affected	-	-
bullseye (security)	fixed	2.66.8-1+deb11u8	-
bookworm	not-affected	-	-
bookworm (security)	fixed	2.74.6-2+deb12u2	-
trixie	fixed	2.84.4-3~deb13u2	-
forky, sid	fixed	2.87.2-3	-
(unstable)	fixed	2.84.3-1	unimportant

EUVD-2025-18285 vulnerability details – vuln.today

Back

EUVD-2025-18285

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-18285

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code