CVE-2025-24975 (GCVE-0-2025-24975)
Vulnerability from cvelistv5 – Published: 2025-08-15 15:11 – Updated: 2025-08-20 19:50
Title
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. Connections stored in ExtConnPool are not verified for the presence and suitability of the CryptCallback interface used when they were created versus what is available, which could result in a segfault in the server process. Encrypted databases accessed by execute statement on external may be accessed later by an attachment missing a key to that database. When execute statements are chained, a segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity
7.1 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
GitHub_M
References
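| URL | Tags |
|---|---|
| https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69 | x_refsource_CONFIRM |
| https://github.com/FirebirdSQL/firebird/issues/8429 | x_refsource_MISC |
| https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6 | x_refsource_MISC |
| https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird | |
| https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability | |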
Impacted products
| Vendor | Product | Version |
|---|---|---|
| FirebirdSQL | firebird | Affected: < 6.0.0.609; Affected: < 5.0.2.1610; Affected: < 4.0.6.3183 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:09:49.364643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:09:59.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:50:53.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.0.609"
},
{
"status": "affected",
"version": "\u003c 5.0.2.1610"
},
{
"status": "affected",
"version": "\u003c 4.0.6.3183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:11:29.986Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8429"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
}
],
"source": {
"advisory": "GHSA-fx9r-rj68-7p69",
"discovery": "UNKNOWN"
},
"title": "Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24975",
"datePublished": "2025-08-15T15:11:29.986Z",
"dateReserved": "2025-01-29T15:18:03.211Z",
"dateUpdated": "2025-08-20T19:50:53.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.