CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:23228
https://access.redhat.com/errata/RHSA-2026:0326
https://access.redhat.com/errata/RHSA-2026:0332
https://access.redhat.com/errata/RHSA-2026:0702
https://access.redhat.com/errata/RHSA-2026:1831
https://access.redhat.com/errata/RHSA-2026:18772
https://access.redhat.com/errata/RHSA-2026:22147
https://access.redhat.com/errata/RHSA-2026:3077
https://access.redhat.com/errata/RHSA-2026:3165
https://access.redhat.com/errata/RHSA-2026:5578
https://access.redhat.com/security/cve/CVE-2025-11234
https://bugzilla.redhat.com/show_bug.cgi?id=2401209

Configurations

No configuration.

History

01 Jun 2026, 04:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:22147 -

19 May 2026, 15:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:18772 -

24 Mar 2026, 11:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:5578 -

24 Feb 2026, 11:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3165 -

23 Feb 2026, 14:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:3077 -

05 Feb 2026, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:1831 -

22 Jan 2026, 20:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:0702 -

15 Jan 2026, 19:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:0326 - () https://access.redhat.com/errata/RHSA-2026:0332 -

17 Dec 2025, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:23228 -

03 Oct 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-03 11:15

Updated : 2026-06-17 08:29

NVD link : CVE-2025-11234

Mitre link : CVE-2025-11234

CVE.ORG link : CVE-2025-11234

JSON object : View

Products Affected

No product.

CWE

CWE-416

Use After Free

7.5 /10