๐Ÿ” CVE Alert

CVE-2025-11234

HIGH 7.5

Qemu-kvm: vnc websocket handshake use-after-free

CVSS Score: 7.5
EPSS Score: 0.1%
EPSS Percentile: 33rd

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

CWE: CWE-416
Published: Oct 3, 2025
Last Updated: Mar 24, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Affected Versions

Red Hat / Red Hat Enterprise Linux 10: All versions affected
Red Hat / Red Hat Enterprise Linux 8: All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.16: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.17: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.18: All versions affected
Red Hat / Red Hat Enterprise Linux 6: All versions affected
Red Hat / Red Hat Enterprise Linux 7: All versions affected
Red Hat / Red Hat Enterprise Linux 9: All versions affected

References

https://access.redhat.com/errata/RHSA-2025:23228
https://access.redhat.com/errata/RHSA-2026:0326
https://access.redhat.com/errata/RHSA-2026:0332
https://access.redhat.com/errata/RHSA-2026:0702
https://access.redhat.com/errata/RHSA-2026:1831
https://access.redhat.com/errata/RHSA-2026:3077
https://access.redhat.com/errata/RHSA-2026:3165
https://access.redhat.com/errata/RHSA-2026:5578
https://access.redhat.com/security/cve/CVE-2025-11234
https://bugzilla.redhat.com/show_bug.cgi?id=2401209

Credits

Red Hat would like to thank Grant Millar (Cylo) for reporting this issue.