CVE-2025-6375

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-6375
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6375.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6375
Downstream
Related
Published
2025-06-21T01:15:29.463Z
Modified
2026-04-12T18:28:19.497235Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/pocoproject/poco

Affected ranges

Type
GIT
Repo
https://github.com/pocoproject/poco
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
96d182a99303fb068575294b36f0cc20da2e7b25
Fixed
6f2f85913c191ab9ddfb8fae781f5d66afccf3bf
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.14.2"
        }
    ]
}

Affected versions

poco-1.*
poco-1.10.0-release
poco-1.10.1-release
poco-1.14.0-release
poco-1.14.1-release
poco-1.5.2-rc1
poco-1.5.2-rc2
poco-1.5.2-rc3
poco-1.5.2-release
poco-1.5.3-rc1
poco-1.5.3-release
poco-1.6.0-release
poco-1.6.1-release
poco-1.7.0-release
poco-1.7.1-release
poco-1.7.2-release
poco-1.7.3-release
poco-1.7.4-release

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6375.json"
vanir_signatures 
[
    {
        "digest": {
            "length": 1471.0,
            "function_hash": "215923356699599394323366592647160920825"
        },
        "id": "CVE-2025-6375-5647c77b",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf",
        "target": {
            "function": "MultipartStreamBuf::readFromDevice",
            "file": "Net/src/MultipartReader.cpp"
        }
    },
    {
        "digest": {
            "length": 290.0,
            "function_hash": "320547468420939799928603777513449061664"
        },
        "id": "CVE-2025-6375-6a52e544",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf",
        "target": {
            "function": "MultipartStreamBuf::MultipartStreamBuf",
            "file": "Net/src/MultipartReader.cpp"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "203083414733696051617086664678306678332",
                "147855202338425332464242580461362820299",
                "43418884708172006315615574004768586283",
                "86737937261282986994741671653485530331",
                "198384027547572475612423318013275436488",
                "71794696764555002344268472557830863663",
                "41971215585259769353066626170967854059",
                "38951875664973674800365891904819626943"
            ]
        },
        "id": "CVE-2025-6375-a32917a8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf",
        "target": {
            "file": "Net/src/MultipartReader.cpp"
        }
    }
]
vanir_signatures_modified 
"2026-04-12T18:28:19Z"