CVE-2025-60360
📋 TL;DR
CVE-2025-60360 is a memory leak in radare2's r2r_subprocess_init function. Memory allocated on the leaking path is never freed, so every time the function is triggered the process grows a little, and repeated triggering exhausts available memory. This affects radare2 v5.9.8 and earlier. The practical outcome is denial of service (an out-of-memory crash or memory pressure on the host) wherever radare2 or its r2r test runner processes untrusted input.
💻 Affected Systems
- radare2
📦 What is this software?
Radare2 by Radare: an open-source reverse-engineering framework (disassembler, debugger, binary analysis). r2r is its regression test runner, the component that contains the affected r2r_subprocess_init function.
⚠️ Risk & Real-World Impact
Worst Case
Sustained triggering of the leak on a host with no per-process memory limits could exhaust system memory, leading to OOM kills or unresponsiveness for every workload on that host, not just radare2.
Likely Case
A local user, or an automated pipeline that repeatedly runs r2r or the affected library code on attacker-supplied input, degrades the host by building up memory pressure. Remote reachability is indirect: r2r is not network-facing, so a remote attacker needs some service that feeds untrusted input into radare2 and invokes the leaking path on their behalf.
If Mitigated
With a per-process memory limit (ulimit, cgroup, or container limit) and monitoring in place, the leak only affects the radare2 process that triggered it: that process slows down or is killed when it hits the limit, and the rest of the host is unaffected.
🎯 Exploit Status
Exploitation requires the ability to trigger the r2r_subprocess_init function with controlled parameters, typically through radare2's test framework or custom scripts using the library.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in radare2 v5.9.9 and later
Vendor Advisory: https://github.com/radareorg/radare2/pull/24245
Restart Required: No system restart. Already-running r2 and r2r processes keep the old code until they exit, so restart any long-lived radare2 processes after updating.
Instructions:
1. Update radare2 to version 5.9.9 or later using your package manager.
2. For source installations: fetch the radare2 repository, check out the 5.9.9 tag (or later), and rebuild and reinstall (for example with the project's sys/install.sh script).
3. Verify the fix by checking the version with 'r2 -v'.
🔧 Temporary Workarounds
Limit radare2 memory usage
Use system resource limits so that a leaking process is killed when it hits a ceiling instead of consuming the whole host:
ulimit -v 1048576
(caps virtual memory at 1 GiB, in KiB, for the current shell and every process it starts afterwards)
systemd-run --scope -p MemoryMax=1G r2 [arguments]
(MemoryMax= is the cgroup v2 property; MemoryLimit= is the legacy cgroup v1 name and still accepted on older systemd)
Disable r2r test framework
Prevent execution of the vulnerable r2r component if it is not needed (the path depends on how radare2 was installed; /usr/local/bin/r2r is common for source builds):
chmod -x /usr/bin/r2r
Alternatively remove or rename the r2r binary if present. Note that this only removes the command-line runner; code that links the affected function directly is unaffected by this change.
🧯 If You Can't Patch
- Implement strict monitoring for radare2 memory usage and restart processes that exceed thresholds
- Isolate radare2 execution in containers with memory limits to contain potential memory exhaustion
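As an added example (not part of the advisory or of the radare2 project), the following POSIX shell script implements the monitoring workaround above: it reads the resident set size of every running r2 or r2r process from /proc/<pid>/status and sends SIGTERM to any that exceed a threshold. The 1 GiB threshold, the process names and the logger tag are assumptions for illustration; the SAMPLE_STATUS text is a constructed excerpt of a /proc status file so the parsing can be exercised without a running radare2.

```shell
#!/bin/sh
# Added example: memory watchdog for radare2 processes (CVE-2025-60360 workaround).
# Not from the advisory or the radare2 project. Linux /proc only.

# Hypothetical threshold: kill processes whose RSS exceeds 1 GiB (in KiB).
RSS_LIMIT_KIB=${RSS_LIMIT_KIB:-1048576}

# Extract the resident set size (KiB) from the text of /proc/<pid>/status.
# Prints nothing if the VmRSS line is absent (e.g. a zombie process).
rss_kib_from_status() {
    printf '%s\n' "$1" | awk '/^VmRSS:/ { print $2; exit }'
}

# Return 0 (true) if the status text shows an RSS above the given KiB limit.
rss_exceeds_limit() {
    rss=$(rss_kib_from_status "$1")
    [ -n "$rss" ] && [ "$rss" -gt "$2" ]
}

# One sweep: check every process named exactly r2 or r2r and terminate
# those over the limit. pgrep returns non-zero when nothing matches,
# which simply yields an empty loop here.
watchdog_sweep() {
    for pid in $(pgrep -x r2; pgrep -x r2r); do
        status=$(cat "/proc/$pid/status" 2>/dev/null) || continue
        if rss_exceeds_limit "$status" "$RSS_LIMIT_KIB"; then
            logger -t r2-watchdog "pid $pid RSS $(rss_kib_from_status "$status") KiB exceeds $RSS_LIMIT_KIB KiB, sending SIGTERM"
            kill -TERM "$pid"
        fi
    done
}

# Constructed sample of a /proc/<pid>/status excerpt (not captured from a real host).
SAMPLE_STATUS='Name:   r2r
State:  S (sleeping)
VmPeak:  2100000 kB
VmSize:  2050000 kB
VmRSS:   1500000 kB
Threads: 1'

# Usage: ./r2-watchdog.sh --loop   (sweeps every 5 seconds until stopped)
if [ "${1:-}" = "--loop" ]; then
    while :; do
        watchdog_sweep
        sleep 5
    done
fi
```

Run it under a supervisor (a systemd service or a cron job calling watchdog_sweep once) so that it restarts with the host; the sweep itself is idempotent. Pair it with the cgroup limit above rather than relying on it alone, since a watchdog polling every few seconds can miss a process that grows quickly between sweeps.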
🔍 How to Verify
Check if Vulnerable:
Run 'r2 -v' and check whether the version is 5.9.8 or earlier. Also check whether the r2r binary is installed (for example with 'command -v r2r'), since that is the component containing the leaking function.
Check Version:
r2 -v | grep -o 'radare2 [0-9.]*'
Verify Fix Applied:
After updating, verify the version is 5.9.9 or later with 'r2 -v'. If you keep r2r installed, run a test suite with it under a memory limit and confirm that resident memory stays flat across repeated runs instead of growing with each invocation.
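The following POSIX shell script is an added example (not from the advisory or the radare2 project) that turns the version check above into something a fleet-inventory job can run: it parses the first line of 'r2 -v' output, compares the dotted version numerically against 5.9.9, and reports whether the host is in the affected range and whether r2r is present. The banner format "radare2 5.9.8 1 @ linux-x86-64" is assumed from typical 'r2 -v' output; a trailing non-numeric suffix such as "-git" is dropped before comparison.

```shell
#!/bin/sh
# Added example: check an installed radare2 against the CVE-2025-60360 fix version.
# Not from the advisory or the radare2 project.

FIXED_VERSION="5.9.9"

# Compare two dotted versions field by field as integers.
# Prints -1, 0 or 1 for a<b, a==b, a>b. Missing fields count as 0,
# so "5.9" equals "5.9.0".
version_cmp() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; a=${a#*.}
        fb=${b%%.*}; b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
    done
    echo 0
}

# Extract the dotted version from an 'r2 -v' banner line, e.g.
# "radare2 5.9.8 1 @ linux-x86-64" -> "5.9.8". Anything after the
# numeric part (such as "-git") is discarded. Prints nothing on no match.
r2_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^radare2 \([0-9][0-9.]*\).*/\1/p' | head -n1
}

# Return 0 (true) if the version is in the affected range (< 5.9.9).
r2_version_is_affected() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Live check of this host. Exit codes: 0 affected, 1 not affected,
# 2 could not determine (r2 missing or banner unparsable).
check_installed_r2() {
    if ! command -v r2 >/dev/null 2>&1; then
        echo "r2 not found in PATH"
        return 2
    fi
    banner=$(r2 -v 2>/dev/null | head -n1)
    ver=$(r2_version_from_banner "$banner")
    if [ -z "$ver" ]; then
        echo "could not parse version from: $banner"
        return 2
    fi
    if r2r_path=$(command -v r2r 2>/dev/null); then
        echo "r2r test runner present at $r2r_path"
    else
        echo "r2r test runner not found in PATH"
    fi
    if r2_version_is_affected "$ver"; then
        echo "radare2 $ver is AFFECTED by CVE-2025-60360 (fixed in $FIXED_VERSION)"
        return 0
    fi
    echo "radare2 $ver is not affected (>= $FIXED_VERSION)"
    return 1
}

# Usage: ./check-r2.sh --run
if [ "${1:-}" = "--run" ]; then
    check_installed_r2
fi
```

The comparison is numeric rather than lexical on purpose: a string compare would rank "5.10.0" below "5.9.9". The exit codes let a configuration-management run or an inventory script branch on the result without parsing the message text.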
📡 Detection & Monitoring
Log Indicators:
- Unusual memory consumption by radare2 processes
- Multiple radare2 process spawns in short time
- System out-of-memory events correlated with radare2 execution
Network Indicators:
- None. This is a local resource exhaustion vulnerability; any network traffic involved would belong to whatever service hands input to radare2, not to the leak itself.
SIEM Query:
(process.name:"r2" AND memory.usage > 90%) OR (process.name:"r2r" AND event.type:"process_start")
The parentheses matter: without them most query languages bind AND tighter than OR, so the expression would still parse, but the grouping is easy to misread. The field names are illustrative; map them to your SIEM's process and host-metrics schema.