CVE-2025-0725
HIGH severity · CVSS 7.3 · Buffer overflow
Summary
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: Low
Integrity impact: Low
Availability impact: Low
Exploit probability (EPSS): 1%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7
Additional information
- NVD record
- https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7 (Patch)
- https://curl.se/docs/CVE-2025-0725.html (Advisory)
- https://curl.se/docs/CVE-2025-0725.json (Advisory)
- http://www.openwall.com/lists/oss-security/2025/02/05/3
- http://www.openwall.com/lists/oss-security/2025/02/06/2
- http://www.openwall.com/lists/oss-security/2025/02/06/4
- https://security.netapp.com/advisory/ntap-20250306-0009/ (Advisory)
- https://hackerone.com/reports/2956023 (Exploit)