Null Pointer Dereference Vulnerability in Bloomberg Comdb2 Database
CVE-2025-48498

7.5HIGH

Key Information:

Vendor: Bloomberg
Status: Comdb2
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-48498?

A null pointer dereference issue exists in the Distributed Transaction component of Bloomberg Comdb2 8.1. When processing specific fields utilized for coordination, the vulnerability can be exploited by an attacker who connects to a database instance via TCP and sends a specially crafted protocol buffer message. This exploitation could result in interruptions to the service, causing a denial of service. Organizations using affected versions are urged to apply updates to minimize potential disruptions.

Affected Version(s)

Comdb2 8.1

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
May 22, 2025

Credit

Discovered by a member of Cisco Talos.