Segmentation Fault Vulnerability in Firebird Relational Database Affecting Multiple Versions
CVE-2025-24975

7.1HIGH

Key Information:

Vendor

Firebirdsql

Status
Firebird
Vendor
CVE Published:
15 August 2025

What is CVE-2025-24975?

Firebird, a widely used relational database, is susceptible to a segmentation fault when ExtConnPoolSize is not properly configured to zero. This vulnerability arises when connections in the external connection pool are not adequately verified, potentially leading to severe server process crashes. An attacker could exploit this issue, particularly affecting secure database transactions involving an unverified CryptCallback interface. The flaw could also disrupt access to both encrypted and unencrypted databases through chained execute statements. Users are advised to update to the latest snapshot versions or set ExtConnPoolSize to zero in the configuration file as a temporary mitigation measure.

Affected Version(s)

firebird < 6.0.0.609 < 6.0.0.609

firebird < 5.0.2.1610 < 5.0.2.1610

firebird < 4.0.6.3183 < 4.0.6.3183

References

https://github.com/FirebirdSQL/firebird/security/advisori...
x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/issues/8429
x_refsource_MISC
https://github.com/FirebirdSQL/firebird/commit/658abd2044...
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-24975 : Segmentation Fault Vulnerability in Firebird Relational Database Affecting Multiple Versions