CVE-2025-10158

EUVD-2025-198005
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The 

malicious 

rsync client requires at least read access to the remote rsync module in order to trigger the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Debian logo
Debian Releases
Debian Product
Codename
rsync
bookworm
3.2.7-1+deb12u4
fixed
bookworm (security)
3.2.7-1+deb12u5
fixed
bullseye
ignored
bullseye (security)
vulnerable
forky
3.4.2+ds1-2
fixed
sid
3.4.3+ds1-2
fixed
trixie
3.4.1+ds1-5+deb13u2
fixed
trixie (security)
3.4.1+ds1-5+deb13u3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsync
bionic
needs-triage
focal
needs-triage
jammy
Fixed 3.2.7-0ubuntu0.22.04.6
released
noble
Fixed 3.2.7-1ubuntu1.4
released
plucky
ignored
questing
Fixed 3.4.1+ds1-5ubuntu1.2
released
resolute
Fixed 3.4.1+ds1-7
released
trusty
needs-triage
xenial
needs-triage
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
rsync
RHEL 8
0:3.1.3-24.el8_10
fixed
RHEL 9
0:3.2.5-3.el9_7.2
fixed
rsync-daemon
RHEL 8
0:3.1.3-24.el8_10
fixed
RHEL 9
0:3.2.5-3.el9_7.2
fixed
rsync-rrsync
RHEL 9
0:3.2.5-3.el9_7.2
fixed
Common Weakness Enumeration
References
https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1
https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f