CVE-2025-60358

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability exists in radare2's _load_relocations function in versions 5.9.8 and earlier. This vulnerability allows attackers to cause resource exhaustion by repeatedly triggering the vulnerable function, potentially leading to denial of service. Users of the radare2 reverse engineering framework are affected.

💻 Affected Systems

Products:
  • radare2
Versions: 5.9.8 and earlier
Operating Systems: All platforms running radare2
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when analyzing binaries with relocation sections; all default configurations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could exhaust system memory, causing radare2 to crash or become unresponsive, potentially disrupting reverse engineering workflows or automated analysis systems.

🟠 Likely Case

Degraded performance during analysis of specially crafted binaries, with possible application crashes after prolonged use.

🟢 If Mitigated

Minimal impact with proper resource limits and monitoring in place; isolated to radare2 process only.

🌐 Internet-Facing: LOW - radare2 is typically used as a local analysis tool, not exposed to external networks.
🏢 Internal Only: MEDIUM - While not directly exploitable for code execution, memory exhaustion could disrupt critical reverse engineering or security analysis workflows.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to feed specially crafted binaries to radare2; no known public exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.9.9 or later

Vendor Advisory: https://github.com/radareorg/radare2/pull/24224

Restart Required: No

Instructions:

1. Update radare2 to version 5.9.9 or later using your package manager.
2. For source installations: git pull from the official repository and rebuild.
3. Verify the installation with 'r2 -v'.

🔧 Temporary Workarounds

Limit memory usage

Unix-like

Set a virtual-memory limit on the shell that launches radare2 so the leak cannot exhaust system memory (ulimit -v takes KiB; 1048576 KiB = 1 GiB). The limit applies only to that shell and the processes it starts.

ulimit -v 1048576
r2 [binary]

🧯 If You Can't Patch

  • Avoid analyzing untrusted binaries with radare2
  • Monitor radare2 memory usage and restart if excessive consumption detected

🔍 How to Verify

Check if Vulnerable:

Run 'r2 -v' and check if version is 5.9.8 or earlier

Check Version:

r2 -v | grep radare2

Verify Fix Applied:

Run 'r2 -v' and confirm version is 5.9.9 or later
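The version check above and the ulimit workaround in the previous section, combined into one POSIX shell wrapper. This is an added example, not code from the advisory or the radare2 project; it assumes the version appears in `r2 -v` output as a dotted N.N.N token (possibly carrying a suffix such as "-git"), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not radare2 project code. Wraps the advisory's two manual
# steps: read the version from `r2 -v` and apply `ulimit -v` when the
# build predates the 5.9.9 fix. Assumes the version appears in `r2 -v`
# output as a dotted N.N.N token (possibly with a suffix such as "-git").

FIXED_VERSION="5.9.9"   # first release carrying the CVE-2025-60358 fix
MEM_CAP_KIB=1048576     # ulimit -v value from the advisory (1 GiB)

# version_ge A B: returns 0 when dotted version A is >= B, 1 otherwise.
# Compares the first three fields numerically; non-digit suffixes are dropped.
version_ge() {
  a="$1"; b="$2"; i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s\n' "$a" | cut -d. -f"$i"); y=$(printf '%s\n' "$b" | cut -d. -f"$i")
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}      # "8-git" -> "8"
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# r2_version_from_output LINE: print the first N.N.N token found, or nothing.
r2_version_from_output() {
  printf '%s\n' "$1" | tr ' ' '\n' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# r2_is_fixed LINE: returns 0 when the `r2 -v` output shows 5.9.9 or later.
# An unparseable line counts as not fixed (fail closed).
r2_is_fixed() {
  v=$(r2_version_from_output "$1")
  [ -n "$v" ] && version_ge "$v" "$FIXED_VERSION"
}

# safe_r2 ARGS...: run r2, capping virtual memory when the build is vulnerable.
safe_r2() {
  out=$(r2 -v 2>/dev/null)
  if r2_is_fixed "$out"; then
    r2 "$@"
  else
    echo "radare2 build '$out' predates $FIXED_VERSION; applying ulimit -v $MEM_CAP_KIB" >&2
    (ulimit -v "$MEM_CAP_KIB" && r2 "$@")
  fi
}
```

Source the file and call safe_r2 in place of r2; the cap is applied in a subshell, so the calling shell keeps its own limits.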

📡 Detection & Monitoring

Log Indicators:

  • High memory usage by radare2 processes
  • radare2 crash logs with memory allocation failures

Network Indicators:

  • Not applicable - local tool

SIEM Query:

process_name:"r2" AND memory_usage > 90%

🔗 References
