Description

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

PUBLISHED Reserved 2025-07-02 | Published 2025-09-03 | Updated 2025-09-03 | Assigner redhat




LOW: 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Timeline

2025-09-01: Reported to Red Hat.
2025-07-02: Made public.

References

access.redhat.com/security/cve/CVE-2025-7039 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2392423 (RHBZ#2392423) issue-tracking

cve.org (CVE-2025-7039)

nvd.nist.gov (CVE-2025-7039)
