CVE-2025-60359: 
NixOS vulnerability analysis and mitigation

A memory leak vulnerability was identified in radare2 versions 5.9.8 and earlier, specifically in the function rbinobject_new. The vulnerability was assigned CVE-2025-60359 and was disclosed on October 17, 2025. The affected software is radare2, a reverse engineering framework (NVD, Ubuntu).

The vulnerability is classified as a memory leak (CWE-401: Missing Release of Memory after Effective Lifetime). It has been assigned a CVSS 3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability requires local access, low attack complexity, and low privileges to exploit, with no user interaction needed (Ubuntu).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. The high availability impact rating suggests that successful exploitation could lead to a significant degradation of system resources through memory leaks, potentially resulting in denial of service conditions (Ubuntu).

The vulnerability has been fixed in radare2 version 6.0.0 through a patch that addresses the memory leak. Users are advised to upgrade to the fixed version. The fix was implemented through a pull request that specifically addresses the memory leak issue (GitHub PR).