CVE-2025-65104

Source
https://cve.org/CVERecord?id=CVE-2025-65104
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65104.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65104
Aliases
  • GHSA-mfpr-9886-xjhg
Downstream
Related
Published
2026-04-17T17:47:42.109Z
Modified
2026-07-08T08:06:47.244340495Z
Severity
  • 7.9 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L CVSS Calculator
Summary
Firebird: Information leak vulnerability in firebird3 client when used with newer server
Details

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65104.json",
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/firebirdsql/firebird

Affected ranges

Type
GIT
Repo
https://github.com/firebirdsql/firebird
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.0.14"
        }
    ]
}

Affected versions

Other
R3_0_0
R3_0_1
R3_0_2
R3_0_3
R3_0_4
R3_0_5
R3_0_6
R3_0_7
T4_0_0_Beta1
T4_0_0_Beta2
T4_0_0_RC1
v3.*
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.8
v3.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65104.json"