CVE-2025-24975 (GCVE-0-2025-24975)
Vulnerability from cvelistv5
Published
2025-08-15 15:11
Modified
2025-08-20 19:50
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
References
Impacted products
Vendor Product Version
FirebirdSQL firebird Version: < 6.0.0.609
Version: < 5.0.2.1610
Version: < 4.0.6.3183
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-15T19:09:49.364643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-15T19:09:59.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-08-20T19:50:53.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.0.0.609"
            },
            {
              "status": "affected",
              "version": "\u003c 5.0.2.1610"
            },
            {
              "status": "affected",
              "version": "\u003c 4.0.6.3183"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-15T15:11:29.986Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/issues/8429",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/issues/8429"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
        }
      ],
      "source": {
        "advisory": "GHSA-fx9r-rj68-7p69",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-24975",
    "datePublished": "2025-08-15T15:11:29.986Z",
    "dateReserved": "2025-01-29T15:18:03.211Z",
    "dateUpdated": "2025-08-20T19:50:53.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-24975\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-15T15:15:32.117\",\"lastModified\":\"2025-10-09T19:04:01.187\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.\"},{\"lang\":\"es\",\"value\":\"Firebird es una base de datos relacional. En versiones anteriores a las instant\u00e1neas 4.0.6.3183, 5.0.2.1610 y 6.0.0.609, Firebird era vulnerable si ExtConnPoolSize no se establec\u00eda en 0. Si no se verifica la presencia y la idoneidad de la interfaz CryptCallback al crear las conexiones almacenadas en ExtConnPool, y se utiliza en lugar de la disponible, podr\u00eda producirse una violaci\u00f3n de segmentaci\u00f3n en el proceso del servidor. Las bases de datos cifradas, a las que se accede mediante una sentencia de ejecuci\u00f3n externa, podr\u00edan ser accedidas posteriormente por un archivo adjunto que no tenga la clave de esa base de datos. Al encadenar sentencias de ejecuci\u00f3n, podr\u00eda producirse una violaci\u00f3n de segmentaci\u00f3n. Adem\u00e1s, esta violaci\u00f3n puede afectar a bases de datos no cifradas. Este problema se ha corregido en las instant\u00e1neas 4.0.6.3183, 5.0.2.1610 y 6.0.0.609, as\u00ed como en las versiones puntuales 4.0.6 y 5.0.2. Una soluci\u00f3n alternativa para este problema implica establecer ExtConnPoolSize igual a 0 en firebird.conf.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.0.6\",\"matchCriteriaId\":\"A077FF0A-B2BD-407F-8FAB-6B87824DBF56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.2\",\"matchCriteriaId\":\"1D676B31-1F76-4F55-9DD3-5402063FB560\"}]}]}],\"references\":[{\"url\":\"https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FirebirdSQL/firebird/issues/8429\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-08-20T19:50:53.827Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24975\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-15T19:09:49.364643Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-15T19:09:54.632Z\"}}], \"cna\": {\"title\": \"Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External\", \"source\": {\"advisory\": \"GHSA-fx9r-rj68-7p69\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"FirebirdSQL\", \"product\": \"firebird\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 6.0.0.609\"}, {\"status\": \"affected\", \"version\": \"\u003c 5.0.2.1610\"}, {\"status\": \"affected\", \"version\": \"\u003c 4.0.6.3183\"}]}], \"references\": [{\"url\": \"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69\", \"name\": \"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/FirebirdSQL/firebird/issues/8429\", \"name\": \"https://github.com/FirebirdSQL/firebird/issues/8429\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6\", \"name\": \"https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754: Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-15T15:11:29.986Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-24975\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-20T19:50:53.827Z\", \"dateReserved\": \"2025-01-29T15:18:03.211Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-15T15:11:29.986Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.