Cyber Resilience

CVE-2025-15281

High

Published: 20 January 2026

Published
20 January 2026
Modified
05 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0009 25.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15281 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in Gnu Glibc. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 25.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-15281 is a vulnerability in the GNU C Library (glibc), affecting versions 2.0 through 2.42. It occurs in the wordexp function when invoked with the WRDE_REUSE flag in conjunction with WRDE_APPEND, causing the interface to return uninitialized memory in the we_wordv member of the wordexp_t structure. A subsequent call to wordfree on this structure may trigger a process abort. The issue is classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

The vulnerability can be exploited remotely over a network by unauthenticated attackers with low complexity and no user interaction required. Exploitation involves crafting input that triggers the specific flag combination in an application using wordexp, leading to uninitialized memory exposure in we_wordv. This results in a denial-of-service condition when wordfree is called, as the process aborts due to invalid memory access.

Mitigation details are available in the referenced advisories, including the Sourceware Bugzilla entry at https://sourceware.org/bugzilla/show_bug.cgi?id=33814 and the oss-security mailing list announcement at http://www.openwall.com/lists/oss-security/2026/01/20/3, which discuss patches and workarounds for affected glibc versions.

EU & UK References

Vulnerability details

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability enables remote DoS via crafted input to wordexp triggering process abort on wordfree (CWE-908, A:H impact), directly mapping to application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0915Same product: Gnu Glibc
CVE-2026-4437Same product: Gnu Glibc
CVE-2026-4046Same product: Gnu Glibc
CVE-2026-5928Same product: Gnu Glibc
CVE-2026-0861Same product: Gnu Glibc
CVE-2026-5450Same product: Gnu Glibc
CVE-2026-5435Same product: Gnu Glibc
CVE-2025-69649Same vendor: Gnu
CVE-2025-69650Same vendor: Gnu
CVE-2025-13151Same vendor: Gnu

Affected Assets

gnu
glibc
2.0 — 2.43

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely identification, reporting, and correction of software flaws like the uninitialized memory issue in glibc's wordexp function exploited in CVE-2025-15281.

detect

Requires vulnerability scanning to identify systems with vulnerable glibc versions (2.0-2.42) affected by CVE-2025-15281.

detect

Ensures receipt and dissemination of security advisories for vulnerabilities such as CVE-2025-15281 in glibc, enabling proactive remediation.

References