Null Pointer Dereference Vulnerability in Bloomberg Comdb2 Database
CVE-2025-48498

7.5HIGH

Key Information:

Vendor: Bloomberg
Status: Comdb2
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-48498?

A null pointer dereference issue exists in the Distributed Transaction component of Bloomberg Comdb2 8.1. When processing specific fields utilized for coordination, the vulnerability can be exploited by an attacker who connects to a database instance via TCP and sends a specially crafted protocol buffer message. This exploitation could result in interruptions to the service, causing a denial of service. Organizations using affected versions are urged to apply updates to minimize potential disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Comdb2 8.1

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
May 22, 2025

Credit

Discovered by a member of Cisco Talos.

JSON

Bloomberg

What is CVE-2025-48498?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.