CVE-2025-13601
HIGHCVSS 7.7/10EPSS 0.31%
Last modified
CVE-2025-13601 is a high-severity vulnerability rated 7.7/10 on the CVSS scale. A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Codeready Linux Builder | 9.0 |
| Redhat | Codeready Linux Builder For Ibm Z Systems | 9.0_s390x |
| Redhat | Codeready Linux Builder For Power Little Endian | 9.0_ppc64le |
| Redhat | Codeready Linux Builder For X86 64 | 9.0 |
| Redhat | Enterprise Linux For Arm 64 | 9.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 9.0_s390x |
| Redhat | Enterprise Linux For Power Little Endian | 9.0_ppc64le |
| Redhat | Enterprise Linux For X86 64 | 9.0 |
| Redhat | Codeready Linux Builder For Arm64 | 10.0 |
| Redhat | Codeready Linux Builder For Ibm Z Systems | 10.0_s390x |
| Redhat | Codeready Linux Builder For Power Little Endian | 10.0_ppc64le |
| Redhat | Codeready Linux Builder For X86 64 | 10.0 |
| Redhat | Enterprise Linux For Arm 64 | 10.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 10.0_s390x |
| Redhat | Enterprise Linux For Power Little Endian | 10.0_ppc64le |
| Redhat | Enterprise Linux For X86 64 | 10.0 |
| Redhat | Codeready Linux Builder For Arm64 | 8.0 |
| Redhat | Codeready Linux Builder For Ibm Z Systems | 8.0_s390x |
| Redhat | Codeready Linux Builder For Power Little Endian | 8.0_ppc64le |
| Redhat | Codeready Linux Builder For X86 64 | 8.0 |
| Redhat | Enterprise Linux For Arm 64 | 8.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 8.0_s390x |
| Redhat | Enterprise Linux For Power Little Endian | 8.0_ppc64le |
| Redhat | Enterprise Linux For X86 64 | 8.0 |
| Redhat | Enterprise Linux For Arm 64 | 9.2 |
| Redhat | Enterprise Linux For Ibm Z Systems | 9.2_s390x |
| Redhat | Enterprise Linux For Power Little Endian | 9.2_ppc64le |
| Redhat | Enterprise Linux For X86 64 | 9.2 |
| Redhat | Enterprise Linux Server Aus | 9.2 |
| Redhat | Codeready Linux Builder For Arm64 Eus | 9.4 |
| Redhat | Codeready Linux Builder For Ibm Z Systems | 9.4_s390x |
| Redhat | Codeready Linux Builder For Power Little Endian | 9.4_ppc64le |
| Redhat | Codeready Linux Builder For X86 64 | 9.4 |
| Redhat | Enterprise Linux For Arm 64 | 9.4 |
| Redhat | Enterprise Linux For Ibm Z Systems | 9.4_s390x |
| Redhat | Enterprise Linux For Power Little Endian | 9.4_ppc64le |
| Redhat | Enterprise Linux For X86 64 | 9.4 |
| Redhat | Enterprise Linux For X86 64 Eus | 9.4 |
| Redhat | Enterprise Linux Server Aus | 9.4 |
| Redhat | Enterprise Linux Server For Power Little Endian | 9.4_ppc64le |
| Redhat | Enterprise Linux Server For Power Little Endian Eus | 9.4_ppc64le |
| Redhat | Codeready Linux Builder For Arm64 Eus | 10.0 |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 10.0_s390x |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 10.0_ppc64le |
| Redhat | Codeready Linux Builder For X86 64 Eus | 10.0 |
| Redhat | Enterprise Linux For Arm 64 Eus | 10.0 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 10.0_s390x |
| Redhat | Enterprise Linux For Power Little Endian Eus | 10.0_ppc64le |
| Redhat | Enterprise Linux For X86 64 Eus | 10.0 |
| Redhat | Enterprise Linux Server For Power Little Endian | 10.0_ppc64le |
Showing 50 of 102 affected configurations. See NVD for the full list.
References
- https://access.redhat.com/errata/RHSA-2026:0936Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:0975Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:0991Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1323Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1324Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1326Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1327Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1465Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1608Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1624Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1625Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1626Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1627Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1652Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:1736Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:2064Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:2072Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:2485Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:2563Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:2633Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:2659Vendor Advisory
- https://access.redhat.com/errata/RHSA-2026:2671Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-13601Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2416741Issue Tracking, Vendor Advisory
- https://gitlab.gnome.org/GNOME/glib/-/issues/3827Exploit, Issue Tracking
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-13601?
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
How severe is CVE-2025-13601?
CVE-2025-13601 has a CVSS score of 7.7/10 (HIGH severity). The EPSS model estimates a 0.31% probability of exploitation in the next 30 days.
How do I fix CVE-2025-13601?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2025-13601?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST