7.5

CVE-2025-54989

Media report

EPSS 0.11%
Published 15.08.2025 15:15:32
Last modified 22.08.2025 15:00:46
Source security-advisories@github.com
Teams watchlist Login
Open Login

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Firebirdsql ≫ Firebird Version < 3.0.13

Firebirdsql ≫ Firebird Version >= 4.0.0 < 4.0.6

Firebirdsql ≫ Firebird Version >= 5.0.0 < 5.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.306

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.heise.de/news/Firebird-Datenbank-DoS-Schwachstellen-und-potenziell-unbefugte-Zugriffe-10539106.html

Medienbericht

heise Security

https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25

Patch

https://github.com/FirebirdSQL/firebird/issues/8554

Issue Tracking

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-54989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54989

EUVD