PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-14512 Redhat CVE debrief

CVE-2025-14512 is a medium-severity vulnerability in GLib’s GIO handling that can be triggered when escape_byte_string() processes malicious file or remote filesystem attribute values. The flaw is an integer overflow that can lead to a heap buffer overflow and denial of service. NVD rates the issue as network-reachable with low attack complexity and user interaction required, and the supplied Red Hat references show affected product coverage across GLib and several Red Hat platform streams.

Vendor: Redhat
Product: CVE-2025-14512
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-11
Original CVE updated: 2026-05-11
Advisory published: 2025-12-11
Advisory updated: 2026-05-11

Who should care

Teams running GLib-based software, especially systems that handle untrusted filesystem metadata or remote filesystem attributes, should review exposure. Red Hat Enterprise Linux and OpenShift users should pay attention to the linked vendor advisories and errata.

Technical summary

The issue is described as an integer overflow in GLib GIO’s escape_byte_string() function. When a malicious file or remote filesystem attribute value is processed, the overflow can lead to a heap buffer overflow and a service crash. The supplied NVD vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (network attack vector, low complexity, no privileges required, user interaction required, availability impact only), and the mapped weakness is CWE-190 (integer overflow or wraparound). NVD lists GLib versions before 2.86.3 as vulnerable.
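To make the CWE-190 mechanism concrete, the following is an added, constructed C illustration of how an escaping routine's output-size computation can wrap and how checked arithmetic prevents it. It is not GLib's escape_byte_string() code and does not reproduce the actual bug; the function names (escaped_size_unchecked, escaped_size_checked, escape_bytes), the 4-byte "\xNN" expansion factor and the sample input are assumptions made for the example. The unchecked variant only computes the size; it is never used for an allocation here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Worst case assumed here: every input byte becomes "\xNN" (4 bytes), plus a NUL. */
#define ESCAPE_EXPANSION 4u

/* The CWE-190 pattern: the output size is computed in a 32-bit unsigned
 * integer and silently wraps for large inputs. An allocation sized from
 * this value would be far smaller than the bytes later written into it,
 * which is how an integer overflow turns into a heap buffer overflow. */
uint32_t escaped_size_unchecked(size_t len)
{
    uint32_t size = (uint32_t) len * ESCAPE_EXPANSION + 1;
    return size;
}

/* Hardened form: compute in size_t and refuse the input when the
 * multiply or the add would overflow, instead of wrapping. */
bool escaped_size_checked(size_t len, size_t *out)
{
    size_t prod;
    if (__builtin_mul_overflow(len, (size_t) ESCAPE_EXPANSION, &prod))
        return false;
    if (__builtin_add_overflow(prod, (size_t) 1, out))
        return false;
    return true;
}

/* Escape non-printable, non-ASCII and backslash bytes as \xNN using the
 * checked size. Returns a newly allocated NUL-terminated string, or NULL
 * when the size computation would overflow or allocation fails. */
char *escape_bytes(const unsigned char *data, size_t len)
{
    size_t size;
    if (!escaped_size_checked(len, &size))
        return NULL;
    char *out = malloc(size);
    if (out == NULL)
        return NULL;

    size_t pos = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = data[i];
        if (c >= 0x20 && c < 0x7f && c != '\\') {
            out[pos++] = (char) c;
        } else {
            /* 4 characters plus NUL always fit: pos <= 4*i and size == 4*len + 1. */
            snprintf(out + pos, size - pos, "\\x%02x", c);
            pos += 4;
        }
    }
    out[pos] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample input: printable byte, NUL, high byte, backslash. */
    const unsigned char sample[] = { 'a', 0x00, 0xff, '\\' };
    char *escaped = escape_bytes(sample, sizeof sample);
    printf("escaped: %s\n", escaped ? escaped : "(overflow)");
    printf("unchecked size for 2^30 bytes: %u (wrapped)\n",
           escaped_size_unchecked((size_t) 1 << 30));
    free(escaped);
    return 0;
}
```

The point of the pair is that the defensive fix is not in the copy loop but in the size computation that feeds the allocator: once the size cannot wrap, the copy loop's invariant (room for 4 bytes plus NUL at every step) actually holds.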

Defensive priority

Medium. The issue is denial-of-service oriented but can be reached remotely with user interaction, and the affected surface includes widely used GLib/GIO functionality.

Recommended defensive actions

  • Update GLib to 2.86.3 or later, or install the vendor-fixed package update for your platform.
  • Apply the relevant Red Hat security errata linked to this CVE for affected RHEL or OpenShift systems.
  • Inventory applications and services that use GLib/GIO to process file metadata or remote filesystem attributes.
  • Treat untrusted filesystem metadata and remote attribute values as security-relevant input in operational reviews.
  • Monitor for crashes or abnormal termination in GLib-dependent services until remediation is complete.
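For the inventory and update steps above, the version check needs one caveat that matters on Red Hat platforms: vendor packages backport fixes at older upstream version numbers, so comparing the installed version against 2.86.3 alone would report RHEL hosts as vulnerable even after the errata are applied. The following added C example (not PatchSiren's, Red Hat's or GLib's code) combines an upstream version comparison with a check of the package changelog text for the CVE id; the sample version string "2.68.4-16.el9", the changelog lines, and the function names are constructed for the example, and the assumption that the changelog (for example from rpm -q --changelog glib2) names the CVE is the operator's to verify against the actual errata.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upstream version that the NVD record gives as the end of the vulnerable range. */
#define FIXED_MAJOR 2
#define FIXED_MINOR 86
#define FIXED_MICRO 3

/* Parse "MAJOR.MINOR.MICRO[-release]" (e.g. "2.86.2" or "2.68.4-16.el9").
 * Returns false on malformed input so unknown strings are never treated as fixed. */
bool parse_glib_version(const char *s, int *major, int *minor, int *micro)
{
    long parts[3];
    char *end;
    for (int i = 0; i < 3; i++) {
        if (*s < '0' || *s > '9')
            return false;
        parts[i] = strtol(s, &end, 10);
        s = end;
        if (i < 2) {
            if (*s != '.')
                return false;
            s++;
        }
    }
    /* After MICRO only end-of-string or a distro release suffix ("-16.el9") is accepted. */
    if (*s != '\0' && *s != '-')
        return false;
    *major = (int) parts[0];
    *minor = (int) parts[1];
    *micro = (int) parts[2];
    return true;
}

/* True when the upstream version is 2.86.3 or later. */
bool glib_upstream_is_fixed(const char *version)
{
    int ma, mi, mc;
    if (!parse_glib_version(version, &ma, &mi, &mc))
        return false;
    if (ma != FIXED_MAJOR)
        return ma > FIXED_MAJOR;
    if (mi != FIXED_MINOR)
        return mi > FIXED_MINOR;
    return mc >= FIXED_MICRO;
}

/* Backport signal (assumption): a package changelog entry naming the CVE
 * is taken as evidence that the vendor shipped the fix at an older version. */
bool changelog_mentions_cve(const char *changelog)
{
    return changelog != NULL && strstr(changelog, "CVE-2025-14512") != NULL;
}

/* A host counts as remediated if either signal is present. */
bool glib_is_remediated(const char *version, const char *changelog)
{
    return glib_upstream_is_fixed(version) || changelog_mentions_cve(changelog);
}

int main(void)
{
    /* Constructed samples: one upstream build, one vendor build with a backport note. */
    const char *upstream = "2.86.2";
    const char *vendor = "2.68.4-16.el9";
    const char *vendor_changelog = "- Resolves: CVE-2025-14512 (constructed changelog line)";

    printf("%s upstream fixed: %s\n", upstream, glib_upstream_is_fixed(upstream) ? "yes" : "no");
    printf("%s remediated via changelog: %s\n", vendor,
           glib_is_remediated(vendor, vendor_changelog) ? "yes" : "no");
    return 0;
}
```

In practice the version would come from pkg-config --modversion glib-2.0 or rpm -q glib2, and the changelog from rpm -q --changelog glib2; the two-signal rule keeps the inventory from flagging already-patched vendor builds while still catching hosts whose package predates the errata.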

Evidence notes

The debrief is based on the supplied NVD record, which lists GLib as vulnerable before 2.86.3 and provides the CVSS vector and CWE-190 mapping. Red Hat advisory links and the GNOME GLib issue reference corroborate vendor tracking and remediation context. No KEV entry was present in the supplied data. Published date used here is 2025-12-11 and modified date is 2026-05-11, per the provided timeline.

Official resources

Publicly disclosed by CVE publication on 2025-12-11; the supplied record was last modified on 2026-05-11. No known exploitation-in-the-wild flag or KEV listing was included in the provided data.