CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The 

malicious 

rsync client requires at least read access to the remote rsync module in order to trigger the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
rapid7CNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Debian logo
Debian Releases
Debian Product
Codename
rsync
bullseye
ignored
trixie
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
bookworm (security)
vulnerable
forky
3.4.1+ds1-7
fixed
sid
3.4.1+ds1-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsync
questing
needs-triage
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1
https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f