Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-817e-zas3-6yf6
Vulnerability ID VCID-817e-zas3-6yf6
Aliases CVE-2025-3360
Summary glibc: GLib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601().
Status Published
Exploitability 0.5
Weighted Severity 3.3
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3360.json
cvssv3.1 3.7 https://access.redhat.com/security/cve/CVE-2025-3360
ssvc Track https://access.redhat.com/security/cve/CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2025-3360
cvssv3.1 3.7 https://bugzilla.redhat.com/show_bug.cgi?id=2357754
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2357754
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3360.json
https://api.first.org/data/v1/epss?cve=CVE-2025-3360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2357754 https://bugzilla.redhat.com/show_bug.cgi?id=2357754
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2025-3360 https://access.redhat.com/security/cve/CVE-2025-3360
USN-7942-1 https://usn.ubuntu.com/7942-1/
USN-7942-2 https://usn.ubuntu.com/7942-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3360.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/security/cve/CVE-2025-3360
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T13:23:42Z/ Found at https://access.redhat.com/security/cve/CVE-2025-3360
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2357754
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T13:23:42Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2357754
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.60169
EPSS Score 0.00392
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:41:21.642844+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3360.json 38.0.0