CVE-2025-15281

High

Published: 20 January 2026

Published

20 January 2026

Modified

05 February 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0007 21.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15281 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in Gnu Glibc. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 21.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Vulnerability enables remote DoS via crafted input to wordexp triggering process abort on wordfree (CWE-908, A:H impact), directly mapping to application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Deeper analysisAI

CVE-2025-15281 is a vulnerability in the GNU C Library (glibc), affecting versions 2.0 through 2.42. It occurs in the wordexp function when invoked with the WRDE_REUSE flag in conjunction with WRDE_APPEND, causing the interface to return uninitialized memory in the we_wordv member of the wordexp_t structure. A subsequent call to wordfree on this structure may trigger a process abort. The issue is classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

The vulnerability can be exploited remotely over a network by unauthenticated attackers with low complexity and no user interaction required. Exploitation involves crafting input that triggers the specific flag combination in an application using wordexp, leading to uninitialized memory exposure in we_wordv. This results in a denial-of-service condition when wordfree is called, as the process aborts due to invalid memory access.

Mitigation details are available in the referenced advisories, including the Sourceware Bugzilla entry at https://sourceware.org/bugzilla/show_bug.cgi?id=33814 and the oss-security mailing list announcement at http://www.openwall.com/lists/oss-security/2026/01/20/3, which discuss patches and workarounds for affected glibc versions.

Details

CWE(s): CWE-908

Affected Products

gnu

glibc

2.0 — 2.43

CVEs Like This One

CVE-2026-4437Same product: Gnu Glibc

CVE-2026-4046Same product: Gnu Glibc

CVE-2026-0915Same product: Gnu Glibc

CVE-2026-5928Same product: Gnu Glibc

CVE-2026-0861Same product: Gnu Glibc

CVE-2026-5435Same product: Gnu Glibc

CVE-2026-5450Same product: Gnu Glibc

CVE-2025-13151Same vendor: Gnu

CVE-2025-69649Same vendor: Gnu

CVE-2025-69650Same vendor: Gnu

References

https://sourceware.org/bugzilla/show_bug.cgi?id=33814
Issue Tracking, Patch · 3ff69d7a-14f2-4f67-a097-88dee7810d18
http://www.openwall.com/lists/oss-security/2026/01/20/3
Mailing List, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108