
PatchSiren cyber security CVE debrief

CVE-2025-14087 Red Hat CVE debrief

CVE-2025-14087 describes a buffer underflow in GLib's GVariant parser that can be triggered by a maliciously crafted input string. The result is heap corruption, which at minimum crashes the affected process (denial of service) and, in some cases, may be leveraged for code execution. NVD records this as a medium-severity issue, and the Red Hat-linked references list GLib versions before 2.86.3 as affected, along with multiple Red Hat Enterprise Linux streams.

Vendor: Red Hat
Product: GLib (the glib2 package on RHEL)
CVSS: 5.6 (Medium)
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-10
Original CVE updated: 2026-05-11
Advisory published: 2025-12-10
Advisory updated: 2026-05-11

Who should care

Administrators and developers who ship or depend on GLib, and in particular anyone whose software hands untrusted text to the GVariant parser. Red Hat Enterprise Linux customers on the affected releases (7, 8, 9, and 10) should pay particular attention to the linked errata and package updates.

Technical summary

The supplied record describes a buffer-underflow condition in the GVariant parser that corrupts heap memory when processing attacker-controlled strings. NVD lists the weakness classification, taken from Red Hat's security metadata, as CWE-190 (Integer Overflow or Wraparound); that classification describes the arithmetic error that produces the underflow rather than the out-of-bounds access itself. The affected GLib range is shown as versions earlier than 2.86.3. The published CVSS vector is AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L: reachable over the network without privileges or user interaction, with low impact on each of confidentiality, integrity and availability, but with high attack complexity, which for heap corruption typically means that reliable exploitation depends on conditions the attacker does not control, such as allocator state.

Defensive priority

Medium priority. The CVSS base score is 5.6 and the supplied data shows no KEV listing, but GLib is linked into a very large number of desktop and server processes, so any service that passes attacker-controlled text to the GVariant parser should be treated as exposed.

Recommended defensive actions

  • Upgrade GLib to 2.86.3 or later if you build from upstream, or install the vendor errata that backport the fix for your platform. Distribution packages keep their original version number after a backport, so on RHEL check the errata or the package changelog rather than comparing the version string with 2.86.3.
  • Apply the referenced Red Hat advisories for affected RHEL releases: RHSA-2026:15953, RHSA-2026:15969, RHSA-2026:15971, and RHSA-2026:7461.
  • Review applications and services that parse external or attacker-controlled GVariant strings; those are the exposure points that turn a library flaw into a reachable one.
  • If patching is delayed, reduce exposure by limiting untrusted input paths and monitoring for abnormal crashes in GLib-using services.
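The first two actions above amount to one check per host: is the installed GLib at or past the upstream fix, and if not, does the distribution package carry the backport? The following added example (not code from PatchSiren or Red Hat) encodes that decision so it can be run over an inventory. The inventory, version strings and changelog lines are constructed for illustration and are not real Red Hat package data; the rpm and pkg-config commands named in the comments are the real ones you would use to collect such data.

```python
import re

CVE_ID = "CVE-2025-14087"
FIXED_UPSTREAM = (2, 86, 3)   # from the advisory: GLib < 2.86.3 is affected


def upstream_version(pkg_version):
    """Reduce '2.86.3', '2.68.4-14.el9' or '1:2.80.0-6.fc41' to a comparable tuple.

    Only the upstream part before the RPM release ('-...') counts, the epoch
    ('1:') is dropped, and non-numeric fragments are ignored.
    """
    body = pkg_version.split("-", 1)[0]
    body = body.split(":", 1)[-1]
    return tuple(int(x) for x in re.findall(r"\d+", body))


def glib_status(pkg_version, changelog=None):
    """Classify one installed GLib against CVE-2025-14087.

    Returns one of:
      'fixed'          - upstream version is 2.86.3 or newer
      'fixed-backport' - older version, but the package changelog names the CVE
      'vulnerable'     - older version and the supplied changelog does not name it
      'unknown'        - older version and no changelog available; distro builds
                         backport fixes, so the version alone proves nothing
    """
    if upstream_version(pkg_version) >= FIXED_UPSTREAM:
        return "fixed"
    if changelog is None:
        return "unknown"
    if CVE_ID in changelog:
        return "fixed-backport"
    return "vulnerable"


def audit(inventory):
    """Map host -> status for records of the form {'host', 'version', 'changelog'}."""
    return {rec["host"]: glib_status(rec["version"], rec.get("changelog"))
            for rec in inventory}


# Constructed sample inventory. On RPM systems the two fields would come from
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' glib2
#   rpm -q --changelog glib2
# and on a source build from `pkg-config --modversion glib-2.0`.
# Hostnames, versions and changelog text are illustrative only.
SAMPLE_INVENTORY = [
    {"host": "build01", "version": "2.86.3", "changelog": None},
    {"host": "rhel9-web", "version": "2.68.4-16.el9",
     "changelog": "* constructed entry - Resolves: CVE-2025-14087 GVariant parser underflow"},
    {"host": "rhel8-db", "version": "2.56.4-163.el8",
     "changelog": "* constructed entry - rebuild, no security fixes"},
    {"host": "legacy-app", "version": "2.76.1", "changelog": None},
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as 'unknown' are the ones to follow up with `rpm -q --changelog glib2 | grep CVE-2025-14087` or the errata list for that release; treating 'unknown' as 'fixed' is the mistake this check is meant to prevent.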

Evidence notes

This brief is based only on the supplied NVD record and its official references. The record states a GLib GVariant parser buffer-underflow with heap corruption, lists vulnerable GLib versions before 2.86.3, and includes Red Hat security references and a GNOME issue tracker link. Timing context uses the provided CVE published and modified timestamps from 2025-12-10 and 2026-05-11.

Official resources

The official references behind this brief are the CVE/NVD record for CVE-2025-14087 (published 2025-12-10, last modified 2026-05-11), the Red Hat security data and the errata listed under the recommended actions, and the GNOME issue tracker entry cited by the NVD record.