CVE-2025-6375

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Poco versions up to 1.14.1

Description: A null pointer dereference issue was found in the MultipartInputStream function of the file Net/src/MultipartReader.cpp. This issue can be exploited locally. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. The issue is related to the MultipartInputStream function, which is part of the Poco library.

Recommendations: For Poco versions up to 1.14.1, upgrade to version 1.14.2 to address this issue. As a temporary workaround, consider restricting the use of the MultipartInputStream function until the patch is applied.

Exploit

Fix

Improper Resource Release

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

CVE-2025-6375

OPENSUSE-SU-2025:15322-1

Affected Products

Debian

Poco

CVE-2025-6375

Weakness Enumeration

Related Identifiers

Affected Products

References · 21