Null Pointer Dereference in Bloomberg Comdb2 Network Protocol
CVE-2025-36520

7.5HIGH

Key Information:

Vendor: Bloomberg
Status: Comdb2
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-36520?

A null pointer dereference vulnerability exists within the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 version 8.1. By sending specially crafted network packets, an attacker may exploit this vulnerability to trigger a denial of service condition, disrupting the normal functionality of the application. It is crucial for organizations using this version of Comdb2 to assess their networks for potential exposure and to implement appropriate security measures to mitigate the risk.

Affected Version(s)

Comdb2 8.1

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
May 22, 2025

Credit

Discovered by a member of Cisco Talos.