CVE-2025-14087
CVE Details
Visit the official vulnerability details page for CVE-2025-14087 to learn more.
Initial Publication
12/11/2025
Last Update
02/12/2026
Third Party Dependency
glib2
NIST CVE Summary
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
CVE Severity
Our Official Summary
This is a heap-corruption vulnerability in the GLib GVariant parser that occurs when maliciously crafted input strings trigger a buffer underflow during parsing. It can be exploited remotely without authentication to crash affected applications (denial of service) and, under specific conditions, potentially enable arbitrary code execution.
This vulnerability applies only if VMO or the Harbor registry is used, as it affects only these images. Exploiting this vulnerability on these images requires elevated permissions with cluster access. Several cluster security best practices, if implemented correctly, make exploitation very difficult.
An upstream fix, when available, will be adopted to fix this CVE.
Status
Open
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.8.27 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 02/12/2026 | Official summary added |
| 02/10/2026 | Advisory severity revised to CRITICAL from MEDIUM |