{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:05:25.495","vulnerabilities":[{"cve":{"id":"CVE-2025-24975","sourceIdentifier":"security-advisories@github.com","published":"2025-08-15T15:15:32.117","lastModified":"2025-10-09T19:04:01.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."},{"lang":"es","value":"Firebird es una base de datos relacional. En versiones anteriores a las instantáneas 4.0.6.3183, 5.0.2.1610 y 6.0.0.609, Firebird era vulnerable si ExtConnPoolSize no se establecía en 0. Si no se verifica la presencia y la idoneidad de la interfaz CryptCallback al crear las conexiones almacenadas en ExtConnPool, y se utiliza en lugar de la disponible, podría producirse una violación de segmentación en el proceso del servidor. Las bases de datos cifradas, a las que se accede mediante una sentencia de ejecución externa, podrían ser accedidas posteriormente por un archivo adjunto que no tenga la clave de esa base de datos. Al encadenar sentencias de ejecución, podría producirse una violación de segmentación. Además, esta violación puede afectar a bases de datos no cifradas. Este problema se ha corregido en las instantáneas 4.0.6.3183, 5.0.2.1610 y 6.0.0.609, así como en las versiones puntuales 4.0.6 y 5.0.2. Una solución alternativa para este problema implica establecer ExtConnPoolSize igual a 0 en firebird.conf."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.6","matchCriteriaId":"A077FF0A-B2BD-407F-8FAB-6B87824DBF56"},{"vulnerable":true,"criteria":"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.2","matchCriteriaId":"1D676B31-1F76-4F55-9DD3-5402063FB560"}]}]}],"references":[{"url":"https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/FirebirdSQL/firebird/issues/8429","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}