CVE-2025-7039 — Path Traversal in Azl3 Glib 2.78.6-3 ON Azure Linux 3.0

CWE-22 — Path Traversal CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write10 documents6 sources

Severity

3.7LOWNVD

OSV7.7

EPSS

0.0%

top 86.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Glib2.0 Msrc Azl3 Glib 2.78.6-3 ON Azure Linux 3.0 Msrc Azl3 Glib 2.78.6-4 ON Azure Linux 3.0 +6 more

Timeline

PublishedSep 3

Latest updateFeb 10

Description

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages9 packages

▶debiandebian/glib2.0< glib2.0 2.74.6-2+deb12u7 (bookworm)

▶msrcmsrc/azl3_glib_2.78.6-3_on_azure_linux_3.0

▶msrcmsrc/azl3_glib_2.78.6-4_on_azure_linux_3.0

▶msrcmsrc/cbl2_glib_2.71.0-5_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_glib_2.71.0-6_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

glib2.0 vulnerabilities↗2026-02-10

▶

OSV

glib2.0 vulnerabilities↗2026-01-06

▶

OSV

CVE-2025-7039: A flaw was found in glib↗2025-09-03

▶

📋Vendor Advisories

Ubuntu

GLib vulnerabilities↗2026-02-10

▶

Ubuntu

GLib vulnerabilities↗2026-01-06

▶

Microsoft

Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()↗2025-09-09

▶

Red Hat

glib: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file()↗2025-07-02

▶

Debian

CVE-2025-7039: glib2.0 - A flaw was found in glib. An integer overflow during temporary file creation lea...↗2025

▶