CVE-2025-0725

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://curl.se/docs/CVE-2025-0725.html
https://curl.se/docs/CVE-2025-0725.json
https://hackerone.com/reports/2956023
http://www.openwall.com/lists/oss-security/2025/02/05/3
http://www.openwall.com/lists/oss-security/2025/02/06/2
http://www.openwall.com/lists/oss-security/2025/02/06/4
https://security.netapp.com/advisory/ntap-20250306-0009/
Configurations

No configuration.

History

07 Mar 2025, 01:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20250306-0009/ -

06 Feb 2025, 19:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/02/06/4 -

06 Feb 2025, 11:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/02/06/2 -
Summary
  • (es) Cuando se le solicita a libcurl que realice una descompresión gzip automática de respuestas HTTP codificadas con contenido con la opción `CURLOPT_ACCEPT_ENCODING`, **usando zlib 1.2.0.3 o anterior**, un desbordamiento de entero controlado por un atacante haría que libcurl realice un desbordamiento de búfer.

05 Feb 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3

05 Feb 2025, 11:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/02/05/3 -

05 Feb 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-05 10:15

Updated : 2025-03-07 01:15

NVD link : CVE-2025-0725

Mitre link : CVE-2025-0725

CVE.ORG link : CVE-2025-0725

JSON object : View

Products Affected

No product.

CWE

No CWE.