Information Leak in Firebird Database Management System
CVE-2025-65104

7.9 HIGH

Key Information:

CVE Published: 17 April 2026

What is CVE-2025-65104?

An information leak vulnerability has been identified in the Firebird Database Management System, affecting the FB3 client library. The issue arises when the FB3 client library communicates with FB4 or higher servers: incorrect data length values are placed into XSQLDA fields. As a result, unauthorized access to potentially sensitive information may occur. To mitigate this risk, users are strongly advised to upgrade to the FB4 client or higher.

Affected Version(s)

firebird < 4.0.0

CVSS V3.1

Score: 7.9
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
