{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T19:07:01.537","vulnerabilities":[{"cve":{"id":"CVE-2025-0725","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2025-02-05T10:15:22.980","lastModified":"2025-06-27T19:24:08.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow."},{"lang":"es","value":"Cuando se le solicita a libcurl que realice una descompresión gzip automática de respuestas HTTP codificadas con contenido con la opción `CURLOPT_ACCEPT_ENCODING`, **usando zlib 1.2.0.3 o anterior**, un desbordamiento de entero controlado por un atacante haría que libcurl realice un desbordamiento de búfer."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C93821CF-3117-4763-8163-DD49F6D2CA8E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"910D39ED-5E36-42F2-B824-E7F4A2ED0BD7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h610s:-:*:*:*:*:*:*:*","matchCriteriaId":"33960CC8-DC73-4E15-8A19-686F5F528006"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A9BC74D7-687D-46AA-862F-D755A3D1AA05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h610c:-:*:*:*:*:*:*:*","matchCriteriaId":"436851DF-1531-40CE-8C71-561978877E27"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7AEAE936-CBDA-4C3A-B139-BE9C86EC6CB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_h615c:-:*:*:*:*:*:*:*","matchCriteriaId":"D471C87E-D861-4AC7-9418-900858C5BF24"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"D6D700C5-F67F-4FFB-BE69-D524592A3D2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*","matchCriteriaId":"D452B464-1200-4B72-9A89-42DC58486191"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10.5","versionEndExcluding":"8.12.0","matchCriteriaId":"34EA884B-6BF6-4F00-B302-CA48450A28D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10.5","versionEndExcluding":"8.12.0","matchCriteriaId":"00A479A7-7885-4086-A577-C2E7E95FEADA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0.3","matchCriteriaId":"5D0F980D-04BB-436F-BD57-D8626701839E"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2025-0725.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2025-0725.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/2956023","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2025/02/05/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2025/02/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2025/02/06/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://security.netapp.com/advisory/ntap-20250306-0009/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}