CVE-2025-65104

CVSS v3.1

7.9

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions Firebird client library version FB3

Description The FB3 client library places incorrect data length values into XSQLDA fields when communicating with Firebird servers version FB4 or higher, which leads to an information leak.

Recommendations Upgrade to the FB4 client or higher.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-65104

OESA-2026-2013

OESA-2026-2014

OESA-2026-2015

OESA-2026-2016

OESA-2026-2017

Affected Products

Firebird Client Library

CVE-2025-65104

Weakness Enumeration

Related Identifiers

Affected Products

References · 28