7.5

CVE-2025-54989

Medienbericht

EPSS 0.29%
Veröffentlicht 15.08.2025 15:15:32
Zuletzt bearbeitet 03.11.2025 19:16:11
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Firebirdsql ≫ Firebird Version < 3.0.13

Firebirdsql ≫ Firebird Version >= 4.0.0 < 4.0.6

Firebirdsql ≫ Firebird Version >= 5.0.0 < 5.0.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.526

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.heise.de/news/Firebird-Datenbank-DoS-Schwachstellen-und-potenziell-unbefugte-Zugriffe-10539106.html

Media Report

https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25

Patch

https://github.com/FirebirdSQL/firebird/issues/8554

Issue Tracking

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00021.html

https://nvd.nist.gov/vuln/detail/CVE-2025-54989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54989

EUVD