CVE-2025-11234
Qemu-kvm: vnc websocket handshake use-after-free
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
03 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
qemuRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4.16Red Hat · Red Hat OpenShift Container Platform 4.17Red Hat · Red Hat OpenShift Container Platform 4.18Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2025:23228https://access.redhat.com/errata/RHSA-2026:0326https://access.redhat.com/errata/RHSA-2026:0332https://access.redhat.com/errata/RHSA-2026:0702https://access.redhat.com/errata/RHSA-2026:1831https://access.redhat.com/errata/RHSA-2026:18772https://access.redhat.com/errata/RHSA-2026:22147https://access.redhat.com/errata/RHSA-2026:3077https://access.redhat.com/errata/RHSA-2026:3165https://access.redhat.com/errata/RHSA-2026:5578https://access.redhat.com/security/cve/CVE-2025-11234https://bugzilla.redhat.com/show_bug.cgi?id=2401209