CVE-2025-30347 — Out-of-bounds Read in Varnish Enterprise

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGHNVD

CNA4.0

EPSS

0.1%

top 75.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Varnish-software Varnish Enterprise

Timeline

PublishedMar 21

Description

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5varnish-software/varnish_enterprise6 — 6.0.13r13

▶NVDvarnish-software/varnish_enterprise6.0.13

🔴Vulnerability Details

CVEList

CVE-2025-30347: Varnish Enterprise before 6↗2025-03-21

▶

GHSA

GHSA-ccgv-pvfh-c426: Varnish Enterprise before 6↗2025-03-21

▶