CVE-2025-24975Improper Check for Unusual or Exceptional Conditions in Firebird

CWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
8.8HIGHNVD
CNA7.1
EPSS
0.1%
top 76.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Firebirdsql Firebird
Timeline
PublishedAug 15

Description

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5firebirdsql/firebird< 6.0.0.609+2
NVDfirebirdsql/firebird4.0.04.0.6+1

Patches

Patch: github.com

🔴Vulnerability Details

2
OSV
CVE-2025-24975: Firebird is a relational database2025-08-15
CVEList
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External2025-08-15

📋Vendor Advisories

1
Debian
CVE-2025-24975: firebird3.0 - Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2....2025
CVE-2025-24975 — Firebirdsql Firebird vulnerability | cvebase