8.8

CVE-2025-24975

Medienbericht
Exploit

Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FirebirdsqlFirebird Version >= 4.0.0 < 4.0.6
FirebirdsqlFirebird Version >= 5.0.0 < 5.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.47% 0.372
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 7.1 1.6 5.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.08.2025 09:27
https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6
Patch
https://github.com/FirebirdSQL/firebird/issues/8429
Issue Tracking
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69
Vendor Advisory
Mitigation
https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird
Third Party Advisory
Exploit
https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability
Third Party Advisory
Exploit