CVE-2025-10158

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions rsync (affected versions not specified)

Description A specially crafted client, acting as the receiver during an rsync file transfer, can cause a read error due to accessing memory outside the intended boundaries. This occurs because of a negative array index. The malicious client needs at least read access to the remote rsync module to trigger this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Validation of Array Index

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129CWE-119

Related Identifiers

ALSA-2026:6390

ALSA-2026:6436

ALSA-2026:6825

AZL-70387

AZL-70667

BDU:2025-14729

CVE-2025-10158

ECHO-DF75-75A7-DA98

MGASA-2026-0048

OPENSUSE-SU-2025:15827-1

OPENSUSE-SU-2026:20754-1

RHSA-2026:6390

RHSA-2026:6436

RHSA-2026:6825

SUSE-SU-2025:4511-1

SUSE-SU-2026:0005-1

SUSE-SU-2026:0041-1

SUSE-SU-2026:0069-1

SUSE-SU-2026:20044-1

SUSE-SU-2026:20058-1

SUSE-SU-2026:2038-1

SUSE-SU-2026:2048-1

SUSE-SU-2026:2083-1

SUSE-SU-2026:21726-1

SUSE-SU-2026:21739-1

SUSE-SU-2026:21747-1

SUSE-SU-2026:21795-1

USN-8283-1

USN-8349-1

Affected Products

Alt Linux

Debian

Linuxmint

Rocky Linux

Ubuntu

Rsync

CVE-2025-10158

Weakness Enumeration

Related Identifiers

Affected Products

References · 69