CVE-2025-24975

Source
https://cve.org/CVERecord?id=CVE-2025-24975
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24975.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-24975
Aliases
  • GHSA-fx9r-rj68-7p69
Downstream
Published
2025-08-15T15:11:29.986Z
Modified
2026-03-12T20:08:23.243771Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External
Details

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set to 0. Connections stored in ExtConnPool are not verified for the presence and suitability of the CryptCallback interface that was used when they were created versus the one that is available when they are reused, which can result in a segfault in the server process. Encrypted databases accessed by EXECUTE STATEMENT ON EXTERNAL may later be accessed by an attachment that is missing the key to that database. When EXECUTE STATEMENT calls are chained, a segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and in point releases 4.0.6 and 5.0.2. As a workaround, set ExtConnPoolSize to 0 in firebird.conf.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-754"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24975.json"
}
References

Affected packages

Git / github.com/firebirdsql/firebird

Affected ranges

Type
GIT
Repo
https://github.com/firebirdsql/firebird
Events
Database specific
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.6"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.2"
        }
    ]
}

Affected versions

v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v5.*
v5.0.0
v5.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24975.json"
vanir_signatures
Function and line signatures (signature_version v1) generated from https://github.com/firebirdsql/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6