CVE-2025-65104
Published 2026-04-17
Priority: P341 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.18% (8.3th percentile)
Firebird is an open-source relational database management system. In FB3 versions, the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| firebirdsql | firebird | < 4.0.0 | 4.0.0 |
| firebirdsql | firebird | < 3.0.14 | 3.0.14 |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-65104 firebird: Firebird Client: Information leak when communicating with newer servers [fedora-all]
bugzilla·2026-04-17·CVSS 7.9
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-65104 firebird: Firebird Client: Information leak when communicating with newer servers [epel-all]
bugzilla·2026-04-17·CVSS 7.9
Bugzilla
CVE-2025-65104 Firebird: firebird3 client: FirebirdSQL/firebird: Firebird Client: Information leak when communicating with newer servers
bugzilla·2026-04-17·CVSS 7.9
Firebird is an open-source relational database management system. In FB3 versions, the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
Published: 2026-04-17