PT-2025-33489 · Firebird · Firebird
Alexpeshkoff
Published: 2025-08-15 · Updated: 2025-10-09
CVE-2025-24975
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Firebird versions prior to 4.0.6.3183
Firebird versions prior to 5.0.2.1610
Firebird versions prior to 6.0.0.609
Description:
Firebird is a relational database. If the ExtConnPoolSize parameter is not set to 0, a server process segfault may occur due to improper verification of connections stored in the ExtConnPool and the CryptCallback interface. This can affect both encrypted and unencrypted databases, particularly when chained execute statements are used. Another affected scenario is accessing an encrypted database via an execute statement on an external connection, followed by an attachment that lacks the necessary key.
Recommendations:
Firebird versions prior to 4.0.6.3183: Update to version 4.0.6.3183 or later.
Firebird versions prior to 5.0.2.1610: Update to version 5.0.2.1610 or later.
Firebird versions prior to 6.0.0.609: Update to version 6.0.0.609 or later.
As a workaround for all affected versions, set ExtConnPoolSize to 0 in the firebird.conf file.
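As an added triage helper (not part of this advisory or of the Firebird project), the following Python checks a server build number against the fixed releases listed above and parses firebird.conf text to see whether the ExtConnPoolSize = 0 workaround is explicitly set. It assumes firebird.conf uses `Key = value` lines with `#` starting a comment line, that parameter names match case-insensitively, and that an absent or commented-out parameter does not count as the workaround being applied.

```python
import re

# Fixed builds per major branch, as listed in this advisory.
FIXED_VERSIONS = {4: (4, 0, 6, 3183), 5: (5, 0, 2, 1610), 6: (6, 0, 0, 609)}


def parse_version(text):
    """Extract a 4-part Firebird build number: 'WI-V5.0.2.1610' -> (5, 0, 2, 1610)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no Firebird build number in %r" % text)
    return tuple(int(x) for x in m.groups())


def is_fixed_version(version):
    """True when the build is at or above the fixed release of its branch.
    Branches the advisory does not list are reported as not fixed (conservative)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    return fixed is not None and v >= fixed


def ext_conn_pool_size(conf_text):
    """Return the explicit ExtConnPoolSize from firebird.conf text, or None when
    absent or commented out (the build's default then applies). Assumed for this
    example: '#' starts a comment line, settings are 'Key = value', names match
    case-insensitively, and the last uncommented setting wins."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip().lower() == "extconnpoolsize":
            try:
                value = int(val.strip())
            except ValueError:
                value = None  # unparseable value: do not treat as applied
    return value


def triage(version, conf_text):
    """Classify one server as 'fixed', 'workaround applied' or 'vulnerable'."""
    if is_fixed_version(version):
        return "fixed"
    if ext_conn_pool_size(conf_text) == 0:
        return "workaround applied"
    return "vulnerable"
```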
Weakness Enumeration:
Improper Check for Exceptional Conditions
Affected Products:
Firebird