CVE-2025-6052
Published: 13 June 2025
Summary
CVE-2025-6052 is a low-severity Integer Overflow or Wraparound (CWE-190) vulnerability in GNOME GLib. Its CVSS base score is 3.7 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 37.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-18285
Vulnerability details
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
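The size-calculation wraparound described above, shown beside a checked form, as an added example that is not GLib's code: the `sbuf` type and the functions `fits_unchecked`, `required_size` and `sbuf_append` are hypothetical names, and the lengths in `main` are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string for illustration; not GLib's GString. */
typedef struct { char *data; size_t len; size_t cap; } sbuf;

/* Flawed check: len + add + 1 can wrap past SIZE_MAX to a small value,
 * so this reports "fits" for a request that cannot fit. */
static int fits_unchecked(size_t len, size_t cap, size_t add) {
    return len + add + 1 <= cap;
}

/* Checked form: prove the sum cannot wrap before computing it.
 * Returns 0 and stores the size in *need, or -1 on overflow. */
static int required_size(size_t len, size_t add, size_t *need) {
    if (len >= SIZE_MAX || add > SIZE_MAX - len - 1) return -1;
    *need = len + add + 1;               /* +1 for the terminating NUL */
    return 0;
}

/* Append that rejects wrapped sizes and doubles capacity without wrapping. */
static int sbuf_append(sbuf *s, const char *src, size_t add) {
    size_t need, cap = s->cap ? s->cap : 16;
    if (required_size(s->len, add, &need) != 0) return -1;
    while (cap < need) {
        if (cap > SIZE_MAX / 2) { cap = need; break; }
        cap *= 2;
    }
    if (cap != s->cap) {
        char *p = realloc(s->data, cap);
        if (p == NULL) return -1;        /* old buffer is left intact */
        s->data = p;
        s->cap = cap;
    }
    memcpy(s->data + s->len, src, add);
    s->len += add;
    s->data[s->len] = '\0';
    return 0;
}

int main(void) {
    /* Constructed values: a string already close to SIZE_MAX bytes long. */
    size_t len = SIZE_MAX - 4, cap = SIZE_MAX - 3, need = 0;
    printf("unchecked fits=%d checked=%d\n",
           fits_unchecked(len, cap, 16), required_size(len, 16, &need));
    return 0;
}
```

The checked form rearranges the comparison so that no intermediate sum is ever computed before it is known to be representable in `size_t`.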
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Integer overflow in GLib GString leads to buffer overflow and memory corruption, exploitable remotely via large untrusted input for initial access (T1190), client execution (T1203), remote service exploitation (T1210), privilege escalation (T1068), or endpoint DoS via application crash (T1499.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.