CVE-2025-54989
firebird3.0 - security update
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.32%
Description
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, Firebird has a NULL pointer dereference denial-of-service vulnerability in XDR message parsing. The flaw is in the parsing of XDR messages received from the client: it leads to a NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
How to fix CVE-2025-54989
To remediate CVE-2025-54989, upgrade the affected package to a fixed version below.
- upgrade to 3.0.7.33374.ds4-2+deb11u1 or later
- upgrade to 3.0.7.33374.ds4-2+deb11u1 or later
- upgrade to 4.0.5.3140.ds6-17+deb13u1 or later
Is CVE-2025-54989 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.0.7.33374.ds4-2+deb11u1
- from 0, < 3.0.7.33374.ds4-2+deb11u1
- from 0, < 4.0.5.3140.ds6-17+deb13u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |