CVE-2025-6375Improper Resource Shutdown or Release in Poco

CWE-404Improper Resource Shutdown or ReleaseCWE-476NULL Pointer Dereference5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 81.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pocoproject Poco
Timeline
PublishedJun 21
Latest updateJun 23

Description

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDpocoproject/poco< 1.14.2
Debianpocoproject/poco< 1.14.2-2
CVEListV5pocoproject/poco1.14.0, 1.14.1+1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-xwcq-qmxg-r8f4: A vulnerability was found in poco up to 12025-06-23
CVEList
poco MultipartReader.cpp MultipartInputStream null pointer dereference2025-06-21
OSV
CVE-2025-6375: A vulnerability was found in poco up to 12025-06-21

📋Vendor Advisories

1
Debian
CVE-2025-6375: poco - A vulnerability was found in poco up to 1.14.1. It has been rated as problematic...2025
CVE-2025-6375 — Improper Resource Shutdown or Release | cvebase