What is CVE-2025-21683?

A medium severity vulnerability has been identified in the Linux kernel affecting versions 5.8 to 6.12.11. Organizations should prioritize patching to mitigate risks associated with potential memory leaks.

What is the severity of CVE-2025-21683?

CVE-2025-21683 has a severity rating of MEDIUM with a CVSS base score of 5.5.

CVE-2025-21683 | Medium Vulnerability in Linux Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak. As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF set before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb does not imply a non-refcounted socket. Drop sk's reference in both error paths.

Risk to organizations includes potential memory leaks that can lead to resource exhaustion and denial of service. The vulnerability has a CVSS score of 5.5, indicating a medium severity level. This score reflects a local attack vector with low complexity, requiring low privileges and no user interaction, resulting in high availability impact.

Organizations should prioritize patching immediately. The last modified date of the vulnerability was on May 12, 2026, and organizations are urged to address this issue in their patch management cycles to minimize potential risks.

No known exploits are associated with this vulnerability, and it is not included in the Known Exploited Vulnerabilities (KEV) catalog. However, organizations should remain vigilant and apply the necessary patches.

Vulnerability Details

In the Linux kernel, the bpf_sk_select_reuseport() memory leak has been addressed. This issue can potentially lead to resource exhaustion due to unreferenced objects being retained in memory.

The CVSS score of 5.5 categorizes this vulnerability as medium severity, indicating that while the threat exists, it requires specific conditions to be exploited. The affected product is the Linux kernel, specifically versions from 5.8 to 6.12.11.

Technical Analysis

The root cause of this vulnerability stems from improper reference management within the kernel's socket handling code. The attack vector is local, meaning that an attacker must have access to the system to exploit this vulnerability.

The attack complexity is low, as it can be exploited without significant effort. Privileges required are low, and no user interaction is necessary for the exploit to succeed. The availability impact is high, potentially leading to denial of service due to the memory leak.

Risk & Impact Analysis

The risk to organizations includes the potential for service disruptions due to resource exhaustion as a result of this vulnerability. With a high availability impact, the blast radius could affect multiple services running on the kernel.

The urgency for organizations to address this vulnerability is moderate. Given its CVSS score of 5.5, it should be prioritized in the patch management cycle. The lack of known exploits reduces immediate risk but does not eliminate the need for prompt remediation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions of the Linux kernel are affected: 5.8 to below 5.15.177, 5.16 to below 6.1.127, 6.2 to below 6.6.74, and 6.7 to below 6.12.11. Additionally, all release candidates of version 6.13 are also vulnerable.

Mitigation & Remediation

To mitigate this vulnerability, organizations should apply the latest patches provided by the Linux kernel maintainers. Version 6.13 and above should be used to ensure that the memory leak issue is resolved. If patches are unavailable, organizations should consider implementing configuration hardening and network controls to reduce exposure.

For additional guidance, organizations may refer to the penetration testing services to validate their security posture.

Detection Guidance

Organizations should monitor logs for unusual socket behavior, track instances of socket memory allocation failures, and observe any unexpected system crashes or performance degradation.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the importance of robust memory management in kernel development. The pattern of memory leaks in kernel space remains a critical concern for security teams, emphasizing the need for continuous scrutiny and proactive measures.

Organizations should consider adopting vulnerability management programs to better identify and mitigate similar risks in the future.

Additionally, leveraging penetration testing methodologies can provide valuable insights into potential vulnerabilities within the Linux kernel and other critical systems.

Finally, incorporating cloud security assessments can further enhance an organization's ability to detect and respond to vulnerabilities effectively.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-21683: Medium Vulnerability in Linux Linux Kernel