PT-2025-5691 · Libcurl+5

Daniel Stenberg · Published 2025-01-23 · Updated 2026-05-18 · CVE-2025-0725

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: libcurl versions using zlib 1.2.0.3 or older
Description: The issue is related to automatic gzip decompression of content-encoded HTTP responses when the CURLOPT_ACCEPT_ENCODING option is enabled. An attacker-controlled integer overflow can cause libcurl to perform a buffer overflow when it is built against zlib 1.2.0.3 or older. This can potentially allow a remote attacker to bypass the ASLR protection mechanism, execute arbitrary code, or cause a denial of service.
Recommendations: For libcurl versions using zlib 1.2.0.3 or older, consider disabling the CURLOPT_ACCEPT_ENCODING option as a temporary workaround until a patch is available. Restrict access to the vulnerable zlib library to minimize the risk of exploitation. Avoid using the CURLOPT_ACCEPT_ENCODING option with zlib versions 1.2.0.3 or older until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10235
ALT-PU-2025-2425
ALT-PU-2025-2652
AZL-56471
AZL-56498
AZL-56504
BDU:2025-01585
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2025-0725
ECHO-F69F-CBD4-841A
JLSEC-2026-422
MGASA-2025-0123
OPENSUSE-SU-2025_0369-1
OPENSUSE-SU-2025_0370-1
SUSE-SU-2025:0369-1
SUSE-SU-2025:0370-1
SUSE-SU-2025:0371-1
SUSE-SU-2025:0372-1
SUSE-SU-2025:20144-1
SUSE-SU-2025_0369-1
SUSE-SU-2025_0370-1
SUSE-SU-2025_0371-1
SUSE-SU-2025_0372-1

Affected Products

Alt Linux
Debian
Red Os
Suse
Libcurl
Zlib