CVE-2025-7039

EUVD-2025-26475
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
redhatCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bookworm
2.74.6-2+deb12u8
fixed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
2.66.8-1+deb11u8
fixed
forky
2.87.2-3
fixed
sid
2.87.2-3
fixed
trixie
2.84.4-3~deb13u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glib2.0
bionic
Fixed 2.56.4-0ubuntu0.18.04.9+esm5
released
focal
Fixed 2.64.6-1~ubuntu20.04.9+esm1
released
jammy
Fixed 2.72.4-0ubuntu2.7
released
noble
Fixed 2.80.0-6ubuntu3.6
released
plucky
Fixed 2.84.1-1ubuntu0.2
released
questing
not-affected
trusty
Fixed 2.40.2-0ubuntu1.1+esm7
released
xenial
Fixed 2.48.2-0ubuntu4.8+esm5
released
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-7039
https://bugzilla.redhat.com/show_bug.cgi?id=2392423