CVE-2025-54989 — NULL Pointer Dereference in Firebird

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.2%

top 59.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Firebirdsql Firebird

Timeline

PublishedAug 15

Description

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5firebirdsql/firebird< 4.0.6+2

▶NVDfirebirdsql/firebird4.0.0 — 4.0.6+2

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-54989: Firebird is a relational database↗2025-08-15

▶

CVEList

Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability↗2025-08-15

▶

📋Vendor Advisories

Debian

CVE-2025-54989: firebird3.0 - Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, t...↗2025

▶