CVE-2025-6395 is a newly published vulnerability in GnuTLS that allows a remote attacker to trigger a NULL pointer dereference in the _gnutls_figure_common_ciphersuite() routine, leading to memory corruption and reliable denial-of-service (DoS) outcomes for processes parsing crafted template settings. Upstream maintainers have released a fix, and vendors have begun shipping patched packages. However, many environments remain at risk until container images and statically linked binaries are rebuilt. This tag covers discussions on patching, rebuilding, and mitigating the DoS risk associated with CVE-2025-6395 in GnuTLS.
- A newly published vulnerability in GnuTLS — tracked as CVE-2025-6395 — allows a remote attacker to trigger a NULL pointer dereference in the library’s _gnutls_figure_common_ciphersuite() routine, producing memory corruption and reliable denial‑of‑service (DoS) outcomes for processes that parse...